On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices
On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). CVE-2022-31706
Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple
Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory
Arctic Wolf has observed an increase in exploitation of CVE-2022-41080 and CVE-2022-41082 in recent Incident Response engagements where the vulnerabilities were chained together to achieve remote code
Updated: Dec 18, 2022 On the 12th of December 2022, we sent out a security bulletin about a Fortinet security advisory involving an actively exploited
In a coordinated disclosure with Microsoft on December 13th, 2022, security researchers with Mandiant, SentinelOne, and Sophos published evidence of a threat actor technique where
As part of Microsoft’s September 2022 Security Update, Microsoft released security updates to remediate CVE-2022-37958–an information disclosure vulnerability in SPNEGO NEGOEX that impacted all Windows
On December 13th, 2022, Citrix disclosed a critical remote code execution vulnerability (CVE-2022-27518) affecting several versions of Citrix ADC and Citrix Gateway. Citrix strongly advises
On Friday, September 23rd, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1
In a widespread campaign, threat actors chained two Zimbra Collaboration Suite vulnerabilities to obtain remote code execution and deploy a variety of webshells. As CVE-2022-27925,
On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass
On October 25, 2022, the OpenSSL project announced the existence of a critical vulnerability in the OpenSSL library affecting OpenSSL versions 3.0.0 and above, as
On October 28th, 2022, ConnectWise disclosed a critical remote code execution (RCE) vulnerability affecting ConnectWise Recover (version 2.9.7 and earlier) and R1Soft Server Backup Manager
On Tuesday, October 25th 2022, VMware disclosed a critical remote code execution vulnerability (CVE-2021-39144, CVSS 9.8) in VMware Cloud Foundation NSX-V versions 3.x and older.
