This November, a set of new zero-days in the popular software products are emerging in the cyber domain, like CVE-2023-22518 affecting all versions of Confluence Data Center and Server. Shortly after its disclosure, another zero-day flaw in SysAid IT software tracked under CVE-2023-47246 comes to the scene. Microsoft revealed traces of vulnerability exploitation, with the […]
Just over a month after the disclosure of a critical Confluence zero-day tracked as CVE-2023-22515, a novel vulnerability emerges in the cyber threat arena impacting Atlassian products. Adversaries are setting eyes on a recently fixed and maximum severity vulnerability known as CVE-2023-22518 in all versions of Confluence Data Center and Confluence Server, which enables them […]
At the turn of November, hot over the heels of disclosing CVE-2023-43208, the Mirth Connect vulnerability, another security bug comes to the scene. Defenders notify the global community of a newly uncovered the highest severity RCE bug that affects Apache ActiveMQ products. Detect CVE-2023-46604 With emerging vulnerabilities being a juicy target for adversaries seeking to […]
Vulnerabilities affecting popular software expose thousands of organizations in diverse industry sectors to severe threats. October has been rich in uncovering critical security flaws in widely used software products, like CVE-2023-4966, a hazardous Citrix NetScaler vulnerability, and CVE-2023-20198 zero-day affecting Cisco IOS XE. In the last decade of October 2023, defenders warned the global community […]
Adding to the list of critical Citrix NetScaler zero-days, security researchers warn of a new dangerous vulnerability (CVE-2023-4966) continuously exploited in the wild despite a patch issued in October. Marked as an information-disclosure flaw, CVE-2023-4966 enables threat actors to hijack existing authenticated sessions and potentially result in a multifactor authentication (MFA) bypass. According to security […]
Hard on the heels of a new surge in the long-running Balada Injector campaign exploiting CVE-2023-3169, another critical security bug in popular software products comes to the spotlight. A new privilege escalation vulnerability affecting Cisco IOS XE software is actively exploited in the wild to help install implants on the impacted devices. The uncovered zero-day […]
Over a month ago, defenders warned the peer community of CVE-2023-4634, a critical WordPress vulnerability actively exploited in the wild and impacting an overwhelming number of WordPress sites across the globe. Following that campaign, another malicious operation comes to the forefront. A fresh surge in the long-lasting Balada Injector malware campaign has already impacted over […]
Atlassian has recently notified defenders of a critical privilege escalation vulnerability in its Confluence software. The uncovered issue identified as CVE-2023-22515 poses severe risks to impacted Confluence installations as it is actively weaponized by attackers. Detect CVE-2023-22515 Exploits With the ever-increasing numbers of CVEs leveraged in real-world attacks, proactive detection of vulnerability exploitation remains one […]
Hot on the heels of the adversary campaigns abusing the CVE-2023-29357 vulnerability in Microsoft SharePoint Server causing a pre-auth RCE chain, another security flaw that can enable attackers to perform RCE causes a stir in the cyber threatscape. A critical vulnerability in the JetBrains TeamCity CI/CD server tracked as CVE-2023-42793Ā allows adversaries to gain RCE on […]
Threat actors frequently set eyes on Microsoft SharePoint Server products by weaponizing a set of RCE vulnerabilities, such as CVE-2022-29108 and CVE-2022-26923. In the early summer of 2023, Microsoft issued a patch for the newly discovered SharePoint Server elevation of privilege vulnerability known as CVE-2023-29357 and considered critical. With the CVE-2023-29357 PoC exploit recently released, […]