Why Microsoft? Why?
A vulnerability in IE (yes! IE!) has been used for over a year as a zero-day to plant infostealers on…
3 minutes
Pieter Arntz
Get patching! Old vCenter vulnerability actively abused
CISA has added a two-year-old vulnerability in vCenter to its catalog of known exploited vulnerabilities
1 minute
22 minutes from PoC exploit to attacks—would you have patched in time?
The speed at which you need to apply patches is increasing. Are you prepared?
2 minutes
GeoServer vulnerability actively abused, CISA warns
CISA has added CVE-2024-36401 to its catalog of known exploited vulnerabilities.
2 minutes
Watch out for CRYSTALRAY, an open source aficionado with a hunger for crypto
The CRYSTALRAY group, tracked by Sysdig, is using a suite of open source tools to find and compromise targets for…
1 minute
Patch now! July Patch Tuesday fixes two actively exploited vulnerabilities
Microsoft's Patch Tuesday covers two actively exploited vulnerabilities, one Office Remote Code Execution (RCE) flaw, and many other CVEs
2 minutes
South Africa’s NHLS is recovering from a ransomware attack quickly, it just doesn’t feel that way
It's estimated that the NHLS handles diagnostic tests for about 80% of South Africa's population. Ransomware groups don't care.
2 minutes
Alabama State Department of Education stops ransomware attack but the assault on US education continues
More than 60% of global ransomware attacks on education happen in the USA.
2 minutes
Ransomware increases hospital deaths significantly
New research shows that you don't want to be in a hospital when ransomware strikes.
1 minute
Law enforcement takes out hundreds of malicious Cobalt Strike servers
International law enforcement agencies have revealed a three-year operation to combat Cobalt Strike servers used by cybercriminals.
1 minute
Patch, but don’t be scared! OpenSSH bug is back from the dead
A vulnerability from 2006 has come back to life to haunt installations of the widely-used secure shell.
2 minutes
Cisco warns about actively exploited vulnerability in switches
A vulnerability in routers that could allow a local authenticated attacker to execute arbitrary commands as root is reportedly under…
2 minutes
Upgrade now! Juniper releases patch for critical authentication bypass
Juniper Networks has released an out-of-cycle upgrade for a CVSS 10 vulnerability.
1 minute
Old, critical Firefox updates STILL need patching
It isn't just Chrome that organizations are struggling to keep updated.
2 minutes
Upgrade now! Critical Fortra FileCatalyst Workflow vulnerability needs your attention
An SQL injection vulnerability in Forta’s FileCatalyst Workflow has a CVSS score of 9.8 and a working proof-of-concept exploit.
1 minute
Upgrade now! New MOVEit Transfer vulnerability under active exploitation
A new vulnerability in MOVEit Transfer is already under active exploitation, just a day after a patch was released.
2 minutes
GrimResource MSC attack uses 5-year-old vulnerability
Cybercriminals' search for an alternative to Office macros has brought them to MSC files used by the Microsoft Management Console.
2 minutes
UEFI vulnerability for Intel processors opens the doors for a bootkit
Researchers have disclosed details of a vulnerability in Phoenix Technologies' firmware for Intel processors.
2 minutes
Microsoft 365 users targeted in 2FA-busting phishing campaigns
Researchers have uncovered a Phishing-as-a-Service platform that enables criminals to bypass some forms of 2FA.
2 minutes
Patch now! VMWare releases fix for critical vulnerabilities
Broadcom notified VMWare users about an update for VMware vCenter Server which addresses three critical vulnerabilities.
2 minutes
