CISA adds Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

US CISA added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti... Read more »

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799, in MikroTik RouterOS that can be exploited to hack vulnerable devices. VulnCheck researchers warn of a critical vulnerability, tracked as... Read more »

Atlassian addressed 3 flaws in Confluence and Bamboo products

Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting... Read more »

VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment

VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an... Read more »

Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606

Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS,... Read more »

Twelve Norwegian ministries were hacked using a zero-day vulnerability

Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries. The ICT platform used by twelve ministries of the... Read more »

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have... Read more »

Experts warn of OSS supply chain attacks against the banking sector

Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain... Read more »

Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider... Read more »

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new... Read more »
Subscribe to our Newsletter