VMware Disputes Old Flaws at Root of ESXiArgs Ransomware Attacks
Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has refuted claims that two-year-old vulnerabilities have …
Flaws
Exploit Released for GoAnywhere File Transfer Zero-Day Flaw
A zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT-managed file transfer solution was actively exploited, …
Firmware Flaws Could Spell ‘Lights Out’ for Servers
Five vulnerabilities in the baseboard management controller (BMC) firmware used in servers of 15 major vendors could give attackers the …
Flaw in Diksha App Exposed the Data of Millions of Indian Students
The data was stored by the Digital Infrastructure for Knowledge Sharing app, or Diksha, a public education app launched in 2017. At the …
Cisco Unified CM SQL Injection Flaw Let Attackers Execute Crafted SQL Queries
Cisco released fixes for Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition to address …
Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks …
Microsoft Azure Services Found Vulnerable to Server-Side Request Forgery Attacks
Cyber researchers discovered last year that four of Microsoft Azure`s Services had security issues that made them vulnerable to server-side …
Experts found SSRF flaws in four different Microsoft Azure services
SSRF vulnerabilities in four Microsoft Azure services could be exploited to gain unauthorized access to cloud resources. Researchers at the …
Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Unauthorized Access
Four different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to …
CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning …
FortiOS SSL-VPN Zero-day Flaw Exploited to Attack Government Organizations
There have been a number of attacks against government organizations and government-related targets using FortiOS SSL-VPN zero-day …
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the …
Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could …
Microsoft Patch Tuesday – 98 Flaws Patched Including the One Exploited in the Wild
A total of 98 vulnerabilities were fixed on January Patch Tuesday 2023 by Microsoft, including a zero-day vulnerability that was exploited …