CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server VulnerabilitiesSeptember 27, 2023
A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.
Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild
A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors.
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access VulnerabilityJuly 25, 2023
Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to Chinese-State Sponsored Threat ActorMay 25, 2023
Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor.
Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild.
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8.
Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day.