Please turn on your JavaScript for this page to function normally.
arcserve
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files …

malware
Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among …

ConnectWise
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of …

CVE
CVE count set to rise by 25% in 2024

The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 …

botnet
The old, not the new: Basic security issues still biggest threat to enterprises

In 2023, cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon for …

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, …

attack
Attack velocity surges with average breakout time down to only 62 minutes

The speed of cyberattacks continues to accelerate at an alarming rate, according to CrowdStrike. Adversaries increasingly exploit stolen credentials The speed of cyberattacks …

Ivanti
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)

Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and …

SiCAT
SiCat: Open-source exploit finder

SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to …

Cisco ASA 5500-X
Akira, LockBit actively searching for vulnerable Cisco ASA devices

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. …

Ivanti
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being …

botnet
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) …

Don't miss

Cybersecurity news