Atlassian has recently notified defenders of a critical privilege escalation vulnerability in its Confluence software. The uncovered issue identified as CVE-2023-22515 poses severe risks to impacted Confluence installations as it is actively weaponized by attackers. Detect CVE-2023-22515 Exploits With the ever-increasing numbers of CVEs leveraged in real-world attacks, proactive detection of vulnerability exploitation remains one […]
Hot on the heels of the adversary campaigns abusing the CVE-2023-29357 vulnerability in Microsoft SharePoint Server causing a pre-auth RCE chain, another security flaw that can enable attackers to perform RCE causes a stir in the cyber threatscape. A critical vulnerability in the JetBrains TeamCity CI/CD server tracked as CVE-2023-42793 allows adversaries to gain RCE on […]
Threat actors frequently set eyes on Microsoft SharePoint Server products by weaponizing a set of RCE vulnerabilities, such as CVE-2022-29108 and CVE-2022-26923. In the early summer of 2023, Microsoft issued a patch for the newly discovered SharePoint Server elevation of privilege vulnerability known as CVE-2023-29357 and considered critical. With the CVE-2023-29357 PoC exploit recently released, […]
The new Microsoft Windows Themes security bug tracked as CVE-2023-38146, which enables attackers to perform RCE, emerges in the cyber threat arena. The proof-of-concept (PoC) exploit for this vulnerability, also known as “ThemeBleed,” has recently been released on GitHub, posing a threat to potentially infected Windows instances and arresting the attention of defenders. CVE-2023-38146 Detection […]
Security researchers have issued a stark warning about a critical vulnerability, designated as CVE-2023-4634, which is affecting an alarming number of over 70,000 WordPress sites globally. This vulnerability originates from a security flaw in the WordPress Media Library Assistant Plugin, an extremely popular and widely used plugin within the WordPress community. With this vulnerability already […]
The UAC-0057 hacking collective, aka GhostWriter, reemerges in the cyber threat arena by abusing a WinRAR zero-day tracked as CVE-2023-38831 that has been exploited in the wild since April through August 2023. The successful exploitation of CVE-2023-38831 enables attackers to infect the targeted systems with a PicassoLoader variant and Cobalt Strike Beacon malware. Notably, both […]
Adversaries weaponize four newly discovered RCE security flaws in the J-Web component of Junos OS tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-3684. The identified vulnerabilities can be chained together, enabling attackers to execute arbitrary code on the compromised instances. After the disclosure of a PoC exploit for chaining the Juniper JunOS flaws, cyber defenders are […]
In February 2023, SOC Prime launched its Discord server community connecting aspiring cybersecurity enthusiasts and seasoned experts in a single place. The community serves as the world’s largest open-source hub for Threat Hunters, CTI and SOC Analysts, and Detection Engineers — anyone having a genuine passion for cybersecurity. Currently, our Discord server hosts over 1,500 […]
Heads up! Cybersecurity experts notify defenders of a zero-day flaw compromising Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Appliances. The flaw tracked as CVE-2023-3519 can lead to RCE and is observed to be actively leveraged by adversaries in the wild with the PoC exploit released to GitHub. Detect CVE-2023-3519 Exploitation Attempts The growing […]
Cybersecurity heads up! After a series of security holes in Pulse Connect Secure SSL VPN appliance affected multiple organizations back in 2021, a new critical zero-day has been recently revealed in Ivanti products. The novel security issue impacting Ivanti Endpoint Manager Mobile (EPMM) enables remote unauthenticated API access to specific paths. By exploiting the flaw, […]