Zimbra Server Bugs Could Lead to Email Plundering
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
Zimbra webmail server has two...
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.
Microsoft was quick to respond...
Critical Jira Flaw in Atlassian Could Lead to RCE
The software-engineering platform is urging users to patch the critical flaw ASAP.
Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and...
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.
iPhone users,...
Industrial Networks Exposed Through Cloud-Based Operational Tech
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.
The benefits of using a cloud-based management platform to monitor and configure industrial control systems (ICS) devices are obvious —...
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers...
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.
Researchers have released technical details on a high-severity privilege-escalation flaw in HP...
Top CVEs Trending with Cybercriminals
An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in.
Criminal small talk in underground forums offer critical clues about which known Common Vulnerabilities...
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.
A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted...
Safari Zero-Day Used in Malicious LinkedIn Campaign
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.
Threat actors used a Safari zero-day flaw to send malicious links...
