Saturday, December 2, 2023

15 More Vulnerabilities Added to 2023 CWE Top 25 Most Dangerous Software

The CVE MITRE foundation has released the list of “On the Cusp” in which many of the CWEs (Common Weakness Enumerations) have increased as...

Maintainers of a Popular Open Source Tool Warns of Critical Curl Vulnerability

Two new vulnerabilities have been discovered in the widely used Curl tool. These two vulnerabilities are identified as CVE-2023-38545 and CVE-2023-38546. One of these...

Hackers Exploit Atlassian Confluence Zero-day Flaw to Create Admin Account

The widely adopted Atlassian Confluence has been discovered with a zero-day vulnerability, which could allow threat actors to create an admin account on the...

MacOS “DirtyNIB” Vulnerability: Let Attackers Execute Malicious Code

A new zero-day vulnerability has been discovered in Apple’s macOS systems, which allows threat actors to execute code on behalf of a legitimate Apple...

Mirai-based DDoS Attackers Aggressively Adopted New Router Exploits

In September 2023, FortiGuard Labs' vigilant team uncovered a significant development in the IZ1H9 Mirai-based DDoS campaign. This campaign, known for its aggressive tactics, had...

D-Link Wi-Fi Range Extender Vulnerability Let Attackers Inject Remote Code

A command injection vulnerability has been discovered in the D-Link DAP-X1860 range extender, allowing threat actors to execute remote code on affected devices. The...

Hackers Exploiting Confluence Flaw to Deploy Ransomware

Hackers actively target Confluence flaws because it is a widely used collaboration and documentation platform, making it a valuable target for gaining unauthorized access...

Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

Fortinet FortiOS has been discovered with Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes.These vulnerabilities...

Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities.The publicly available Proof of Concepts (POCs) for these...
Microsoft Office XSS Flaw

Microsoft Office XSS Flaw Let Attackers Execute Arbitrary Code

A recently discovered vulnerability in Microsoft Office Word has raised concerns over the security of the popular productivity suite. This security flaw, classified as a...

Managed WAF protection


Recent Articles