Merav Bar
Exploitable and unpatched KeePass vulnerability: everything you need to know
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.
CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know
CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately.
Ransomware attacks targeting VMware ESXi servers: everything you need to know
Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise.
CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know
Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently.
Malicious PyTorch dependency 'torchtriton' on PyPI: everything you need to know
The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys.
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know
Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.
OWASSRF, a new exploit for Exchange vulnerabilities, exploited in the wild: everything you need to know
A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently.