Merav Bar

CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know

Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently.

Malicious PyTorch dependency 'torchtriton' on PyPI: everything you need to know

The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys.

CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know

Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.

OWASSRF, a new exploit for Exchange vulnerabilities, exploited in the wild: everything you need to know

A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently.