New Confluence Vulnerability Leads to Unauthorised Access

A new CVE-2023-22518 vulnerability allows hackers to perform access data on the server without any authorization

Another vulnerability in the flagship product of Atlassian corporation, Confluence, allows hackers to access the servers and dump the data. As the company claims, the issue sits in the improper authorization within the Data Center and Server apps. The company already offers the patches for this breach. Confluence Data Center and Server Vulnerability Leads to… Continue reading New Confluence Vulnerability Leads to Unauthorised Access

Exim Vulnerability Allows RCE, No Patches Available

A massively-popular solution for establishing mailing clients appears to have a critical vulnerability

Exim Internet Mailer, a program massively used as a basis for mailing servers, appears to have a remote code execution vulnerability. By overflowing the buffer, hackers can make the program execute whatever code they need. Despite several reports to the developer, the patch is still not available. What is Exim? Exim is a mail transfer… Continue reading Exim Vulnerability Allows RCE, No Patches Available

Citrix and Adobe Vulnerabilities Under Active Exploitation

Hackers are exploiting products from Adobe and Citrix, the Cybersecurity and Infrastructure Security Agency warned this week.

Citrix was able to patch a zero-day vulnerability, while Adobe warns of attacks using ColdFusion Zero-Day and releases an urgent update that nearly fixes the issue. Nonetheless, the story is still not over, as these vulnerabilities are still exploited. Citrix and Adobe Patch 0-day Vulnerabilities Simultaneously, products of two companies were hit with critical vulnerabilities… Continue reading Citrix and Adobe Vulnerabilities Under Active Exploitation

MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data

New vulnerability can grant hackers access to the web file storage

MOVEit managed file transfer (MFT) solution appears to contain a 0-day vulnerability, already exploited by hackers. Progress, the developer of the software solution, already released a note and security advisory regarding the case. What is MOVEit MFT? MOVEit is a software solution that allows convenient and secure data transfer inside the organisation. The product under… Continue reading MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data

New iOS Vulnerability Allows “Triangulation” Attack

New zero-click exploit is used by hackers to deploy Triangulation spyware

New iOS vulnerability allows executing a zero-click malware delivery through the built-in iMessage messenger. The breach was discovered by Kaspersky analytics team, and appears to touch almost every user of Apple smartphones. Experts dubbed the malware “Triangulation”. iOS Exploit Allows Zero-Click Infection Probably, the worst case scenario for any target of cyberattack is the infection… Continue reading New iOS Vulnerability Allows “Triangulation” Attack

MSMQ Vulnerability Allows Remote Code Execution

CVE-2023-21554 allows hackers to take over the crucial MSMQ process

Recent update released by Microsoft, an April Patch Tuesday, revealed a severe vulnerability in Microsoft Message Queueing mechanism. That vulnerability allows remote code execution after sending 1 (one) package through a specific port. What is Microsoft Message Queueing? Microsoft Message Queueing, or MSMQ, is an infrastructure element for sharing messages within a local network. At… Continue reading MSMQ Vulnerability Allows Remote Code Execution

Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

A new 0-day Windows Search vulnerability could be used to automatically open a search box and launch remote malware, which is easily done by simply opening a Word document. Bleeping Computer says the problem is serious because Windows supports the search-ms protocol URI handler, which allows apps and HTML links to run custom searches on… Continue reading Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

F5 warns of critical BIG-IP RCE vulnerability

0-day vulnerability, Vulnerabilities, F5 Inc, Security breach, Exploit,

F5, Inc warned the users about the critical vulnerability that harms the iControl REST users. That solution is a framework offered by the F5 Corporation as an advanced tool for software developers. The detected flaw is noted as critical, since it makes the device takeover possible for non-authorised users. F5 warns its customers of a… Continue reading F5 warns of critical BIG-IP RCE vulnerability

Lapsus$ hack group stole the source codes of Microsoft products

The Lapsus$ hack group has released the source codes for Bing, Cortana, and other Microsoft products allegedly stolen from an internal Microsoft Azure DevOps server. Over the weekend, a screenshot appeared on the Lapsus$ Telegram channel demonstrating that hackers attacked the Microsoft Azure DevOps server and got to the sources of Bing, Cortana and various… Continue reading Lapsus$ hack group stole the source codes of Microsoft products

Chinese hackers use Zimbra 0-day vulnerability to hack European media and authorities

Security firm Volexity has warned that a previously unknown Chinese hack group is exploiting a 0-day vulnerability in Zimbra’s collaborative software. According to official statistics, more than 200,000 enterprises in 140 countries around the world use Zimbra, including more than 1,000 government and financial institutions. The researchers write that using the 0-day vulnerability, attackers gain… Continue reading Chinese hackers use Zimbra 0-day vulnerability to hack European media and authorities