961 Results for:CVE
- Sort by:
Horizon3.ai releases POC exploit for VMware vulnerabilities
31 Jan 2023Penetration testing vendor Horizon3.ai published technical details and exploit code for three new CVEs in VMware vRealize Log Insight that can be chained for remote code execution. Read More
Microsoft fixes three zero-days in February update
15 Feb 2023February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Read More
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks
15 Jun 2023Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices. Read More
U.S. federal agency hacked via 3-year-old Telerik UI flaw
16 Mar 2023A CISA advisory said multiple threat actors recently exploited a Progress Telerik UI vulnerability, first disclosed in 2019, to breach an unnamed federal civilian agency. Read More
Ransomware actors exploiting MoveIt Transfer vulnerability
05 Jun 2023Microsoft said the recently disclosed zero-day flaw in Progress Software's managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang. Read More
Magniber ransomware actors exploiting Microsoft zero day
14 Mar 2023Magniber ransomware actors discovered a way to bypass Microsoft's remediation for a previous SmartScreen vulnerability to attack enterprises, according to Google researchers. Read More
Microsoft mends Windows zero-day on April Patch Tuesday
11 Apr 2023What's old is new again as multiple security updates from the past made a comeback this month to push the total number of vulnerabilities addressed to 102. Read More
Mandiant: Attacker dwell time down, ransomware up in 2023
23 Apr 2024Mandiant's 'M-Trends' 2024 report offered positive signs for global cybersecurity but warned that threat actors are shifting to zero-day exploitation and evasion techniques. Read More
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022
09 Mar 2023VulnCheck said CISA's Known Exploited Vulnerabilities catalog 'cannot be treated as the authoritative catalog of exploited vulnerabilities' in its current state. Read More
ESXiArgs attack vector unclear as infections continue
15 Feb 2023This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month. Read More