Google TAG’s recent discovery reveals a 0-day exploit, CVE-2023-37580, targeting Zimbra Collaboration. This is a Cross-Site Scripting (XSS) vulnerability exploited in four campaigns. Zero-day discovery was patched A severe vulnerability has been discovered in the Zimbra email software. Four hacker groups exploited vulnerabilities to steal email data, user credentials, and tokens. According to the Google… Continue reading Zimbra Vulnerability Exploited in the Wild
Tag: Zero Day
Ivanti EPMM Vulnerability Patch is Vulnerable
Ivanti, the provider of a wide range of management solutions for corporations, have apparently taken up the baton from Ipswich, the vendor of an infamous MOVEit MFT. Analysts discovered 2 severe vulnerabilities in its EPMM over the last 10 days, and the company released urgent fixes. However, the patch for the CVE-2023-35078 appears to be… Continue reading Ivanti EPMM Vulnerability Patch is Vulnerable
Ivanti 0-day exploited to target Norwegian government
Software development company Ivanti (formerly MobileIron Core) has patched a zero-day vulnerability that allowed authentication bypass. This vulnerability had a maximum CVSS level and was actively exploited to gain unauthorized access. What is Ivanti Company? Ivanti is an IT software company headquartered in Utah, United States. It produces a variety of IT management and security… Continue reading Ivanti 0-day exploited to target Norwegian government
Citrix and Adobe Vulnerabilities Under Active Exploitation
Citrix was able to patch a zero-day vulnerability, while Adobe warns of attacks using ColdFusion Zero-Day and releases an urgent update that nearly fixes the issue. Nonetheless, the story is still not over, as these vulnerabilities are still exploited. Citrix and Adobe Patch 0-day Vulnerabilities Simultaneously, products of two companies were hit with critical vulnerabilities… Continue reading Citrix and Adobe Vulnerabilities Under Active Exploitation
Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild
On July 11, 2023, Microsoft published an article about addressing the CVE-2023-36884 vulnerability. This breach allowed for remote code execution in Office and Windows HTML. Microsoft has acknowledged a targeted attack that exploits a vulnerability using specifically designed Microsoft Office documents. The attacker can gain control of a victim’s computer by creating a malicious Office… Continue reading Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild
How to Protect Your Digital Footprint
The modern business world has been greatly advanced by the internet. Its convenience and numerous benefits have made people from all over the world reliant on the digital world. As the use of digital platforms continues to increase, businesses of all sizes should consider their digital footprint. What is Corporate Digital Footprint? Your company’s digital… Continue reading How to Protect Your Digital Footprint
Attackers Exploit MSDT Follina Bug to Drop RAT
Security specialists caution users about the exploitation of the recently disclosed Follina Bug found in all supported versions of Windows. Threat actors have actively utilized this vulnerability to install payloads such as the AsyncRAT trojan and infostealer. Understanding the Follina Vulnerability On May 27, 2022, the public became aware of a remote code execution (RCE)… Continue reading Attackers Exploit MSDT Follina Bug to Drop RAT