961 Results for:CVE

  • Sort by: 

Ransomware gang targets critical Progress WS_FTP Server bug

By Alexander Culafi 13 Oct 2023

The vulnerability used in the failed ransomware attack, CVE-2023-40044, is a .NET deserialization vulnerability in Progress Software's WS_FTP Server with a CVSS score of 10. Read More

Browser companies patch critical zero-day vulnerability

By Arielle Waldman 13 Sep 2023

While attack details remain unknown, Chrome, Edge and Firefox users are being urged to update their browsers as an exploit for CVE-2023-4863 lurks in the wild. Read More

FBI: Suspected Chinese actors continue Barracuda ESG attacks

By Arielle Waldman 24 Aug 2023

The alert comes after Barracuda Networks issued an advisory stating that patches for CVE-2023-2868 were insufficient and all affected ESG devices need to be replaced. Read More

Rackspace: Ransomware attack caused by zero-day exploit

By Alexander Culafi 04 Jan 2023

The exploit that led to the Rackspace ransomware attack, referred to as OWASSRF, combines two Exchange Server flaws -- CVE-2022-41080 and a ProxyNotShell flaw, CVE-2022-41082. Read More

CISA details backdoor malware used in Barracuda ESG attacks

By Alexander Culafi 31 Jul 2023

CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868. Read More

Citrix NetScaler ADC and Gateway flaw exploited in the wild

By Alexander Culafi 19 Jul 2023

Critical remote code execution flaw CVE-2023-3519 was one of three vulnerabilities in Citrix's NetScaler ADC and Gateway. Customers are urged to patch their instances. Read More

Multiple Adobe ColdFusion flaws exploited in the wild

By Alexander Culafi 18 Jul 2023

One of the Adobe ColdFusion flaws exploited in the wild, CVE-2023-38203, was a zero-day bug that security vendor Project Discovery inadvertently published. Read More

Chinese APT exploits critical CVE in Pulse Secure VPN

By Alex Scroxton 20 Apr 2021

A newly disclosed vulnerability in Pulse Secure’s VPN is being exploited by a Chinese advanced persistent threat group – assume compromise and mitigate today Read More

Google unveils 'Downfall' attacks, vulnerability in Intel chips

By Rob Wright 08 Aug 2023

Google researcher Daniel Moghimi first reported CVE-2022-40982 and the resulting data leak attacks to Intel in August 2022, but it's taken nearly 12 months to disclose the flaw. Read More

Barracuda: Replace vulnerable ESG devices 'immediately'

By Arielle Waldman 08 Jun 2023

Customers with email security gateway appliances affected by a recent zero-day flaw, CVE-2023-2868, are being urged to replace devices, even if the hardware has been patched. Read More