961 Results for:CVE

  • Sort by: 

Horizon3.ai releases POC exploit for VMware vulnerabilities

By Alexander Culafi 31 Jan 2023

Penetration testing vendor Horizon3.ai published technical details and exploit code for three new CVEs in VMware vRealize Log Insight that can be chained for remote code execution. Read More

Microsoft fixes three zero-days in February update

By Alex Scroxton 15 Feb 2023

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Read More

Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks

By Alexander Culafi 15 Jun 2023

Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices. Read More

U.S. federal agency hacked via 3-year-old Telerik UI flaw

By Alexander Culafi 16 Mar 2023

A CISA advisory said multiple threat actors recently exploited a Progress Telerik UI vulnerability, first disclosed in 2019, to breach an unnamed federal civilian agency. Read More

Ransomware actors exploiting MoveIt Transfer vulnerability

By Rob Wright 05 Jun 2023

Microsoft said the recently disclosed zero-day flaw in Progress Software's managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang. Read More

Magniber ransomware actors exploiting Microsoft zero day

By Arielle Waldman 14 Mar 2023

Magniber ransomware actors discovered a way to bypass Microsoft's remediation for a previous SmartScreen vulnerability to attack enterprises, according to Google researchers. Read More

Microsoft mends Windows zero-day on April Patch Tuesday

By Tom Walat 11 Apr 2023

What's old is new again as multiple security updates from the past made a comeback this month to push the total number of vulnerabilities addressed to 102. Read More

Mandiant: Attacker dwell time down, ransomware up in 2023

By Rob Wright 23 Apr 2024

Mandiant's 'M-Trends' 2024 report offered positive signs for global cybersecurity but warned that threat actors are shifting to zero-day exploitation and evasion techniques. Read More

VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022

By Alexander Culafi 09 Mar 2023

VulnCheck said CISA's Known Exploited Vulnerabilities catalog 'cannot be treated as the authoritative catalog of exploited vulnerabilities' in its current state. Read More

ESXiArgs attack vector unclear as infections continue

By Alexander Culafi 15 Feb 2023

This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month. Read More