Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authenticati

Researchers released a PoC exploit code for a high-severity vulnerability in Veeam Backup & Replication (VBR) software. Veeam recently addressed a high-severity flaw, tracked as CVE-2023-27532, in Veeam Backup and Replication (VBR) software. An unauthenticated user with access to the Veeam backup service (TCP 9401 by default) can exploit the flaw to r

Cisco Talos researchers published PoC exploits for vulnerabilities in Netgear Orbi 750 series router and extender satellites. Netgear Orbi is a line of mesh Wi-Fi systems designed to provide high-speed, reliable Wi-Fi coverage throughout a home or business. The Orbi system consists of a main router and one or more satellite units that work together to cre

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This i

Experts warn that 55 zero-day vulnerabilities were exploited in attacks carried out by ransomware and cyberespionage groups in 2022. Cybersecurity firm Mandiant reported that ransomware and cyberespionage groups exploited 55 zero-day flaws in attacks in the wild. Most of the zero-day vulnerabilities were in software from Microsoft, Google, and Apple.

Hitachi Energy disclosed a data breach, the Clop ransomware gang stole the company data by exploiting the recent GoAnywhere zero-day flaw. Hitachi Energy disclosed a data breach, the company was hacked by the Clop ransomware gang that stole its data by exploiting the recently disclosed zero-day vulnerability in the GoAnywhere MFT (Managed File Transfer).

On March 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The said vulnerability impacts Adobe ColdFusion and is actively exploited by threat actors.Details on the VulnerabilityThe flaw in question is CVE-2023-26360, with a CVSS score of 8.6. The vulnerability

The cyber-research community raises concerns over an unpatched vulnerability that puts the Microsoft 365 suite at risk. Earmarked CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests that the bug, which was formally attributed to a Microsoft Outlo

Multiple threat actors exploited a critical flaw in Progress Telerik to breach an unnamed US federal agency, said the US government. A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) revealed that multiple threat a

US CISA added an actively exploited vulnerability in Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360 (CVSS score: 8.6), to its Known Exploited Vulnerabilities Catalog. This week Adobe released s

Data security firm Rubrik discloses a data breach, attackers exploited recent GoAnywhere zero-day to steal its data. Cybersecurity firm Rubrik disclosed a data breach, a ransomware group stolen compeny data by exploiting the recently disclosed zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. The company was the victim of a

Microsoft Patch Tuesday updates for March 2023 addressed 74 vulnerabilities, including a Windows zero-day exploited in ransomware attacks. Microsoft Patch Tuesday security updates for March 2023 addressed 74 new vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Edge (Chromium-based); Microsoft Dynamics; Visual Stud

Adobe is warning that a critical zero-day flaw in ColdFusion web app development platform was exploited in very limited attacks. Software giant Adobe released security updates for ColdFusion versions 2021 and 2018 to resolve a critical flaw, tracked as CVE-2023-26360 (CVSS base score 8.6), that was exploited in very limited attacks. “Adobe is awa

US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog. Th

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. Sunlogin RCE v