Trending Vulnerabilities

If it's trending, then it's probably important. Patch quicker!

CVE-2023-50428

CVE-2023-42793

CVE-2023-50164

CVE-2023-45124

CVE-2023-48777

Cyber Security News

Read about it, before you get ransomwared!

The Hacker News
CVE-2023-42793

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

Russian SVR-linked APT29 targets unpatched JetBrains TeamCity servers using CVE-2023-42793, a vulnerability enabling remote code execution by unauthen

1 hour ago

The Hacker News
CVE-2023-42793

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

Lazarus Group launched a new global campaign that involves exploiting security flaws in Log4j to deploy previously undocumented RATs on compromised hosts.

2 days ago

Help Net Security
CVE-2023-50164

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) - Help Net Security

Attackers are trying to leverage public PoC exploit code for CVE-2023-50164, a path traversal vulnerability in Apache Struts 2.

2 days ago

National Security Agency
CVE-2023-42793

Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

The CSA notes that SVR actors exploit a known vulnerability, CVE-2023-42793, to gain initial access to the TeamCity servers and then perform malicious...

2 days ago

CISA
CVE-2023-42793

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793 | CISA

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793. Release Date. December 13, 2023. Today, CISA—along with...

2 days ago

The Hacker News
CVE-2023-36019

Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical

Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws. This release includes 4 Critical and 29 Important fixes.

3 days ago

The Hacker News
CVE-2023-45866

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple has released patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address multiple vulnerabilities.

3 days ago

Krebs on Security
CVE-2023-35636

Microsoft Patch Tuesday, December 2023 Edition – Krebs on ...

While CVE-2023-35641 earned a high vulnerability severity score (a CVSS rating of 8.8), the threat from this flaw may be limited somewhat because an attacker...

3 days ago

Sophos News
CVE-2023-36019

From Microsoft to you, 33 packages

CVE-2023-35628, Windows MSHTML Platform Remote Code Execution Vulnerability ; CVE-2023-35630, Internet Connection Sharing (ICS) Remote Code Execution...

4 days ago

Bleeping Computer
CVE-2023-6553

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.

5 days ago

The Hacker News
CVE-2023-22518

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

Ransomware groups are actively exploiting critical flaws in Atlassian Confluence & Apache ActiveMQ.

1 month ago

The Hacker News
CVE-2023-38548

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now

Veeam ONE faces security crisis! Four vulnerabilities exposed. Learn how to protect your IT monitoring and analytics platform now.

1 month ago

Help Net Security
CVE-2023-22518

Atlassian Confluence data-wiping vulnerability exploited - Help Net Security

Threat actors are trying to exploit a critical Atlassian Confluence flaw (CVE-2023-22518) to reset vulnerable instances' database.

1 month ago

Bleeping Computer
CVE-2023-46604

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.

1 month ago

The Register
CVE-2023-4966

'Mass exploitation' of Citrix Bleed as ransomware moves in

At least two extortion gangs abusing CVE-2023-4966, we're told ... Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler...

1 month ago

Bleeping Computer
CVE-2023-20198

Exploit released for critical Cisco IOS XE flaw, many hosts still hacked

Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.

2 months ago

Ars Technica
CVE-2023-20198

“Cisco buried the lede.” >10,000 network devices backdoored through unpatched 0-day

An unknown threat actor is exploiting the vulnerability to create admin accounts.

2 months ago

Dark Reading
CVE-2023-20198

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

2 months ago