Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers Read more…
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as Read more…
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly Read more…
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the Read more…
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. Read more…
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: Read more…
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in Read more…
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of Read more…
BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts Read more…
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. Read more…