On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). This stack-based overflow vulnerability affects

On July 11, 2023, Microsoft published their July 2023 Security Update with patches for 130 vulnerabilities and 2 advisories, with 6 of these being actively

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a

On July 5th, 2023, Progress Software released a security advisory for a new critical SQL injection vulnerability, CVE-2023-36934, among two other high severity vulnerabilities impacting

On June 27th 2023, Arcserve published an advisory for a critical unauthenticated remote code execution (RCE) vulnerability affecting Arcserve Unified Data Protection (UDP) for Windows.

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to

On June 13, 2023, Microsoft published their June 2023 Security Update which included patches for six vulnerabilities with a max severity of critical. According to

Update – June 15:  On June 15, 2023, Progress released a security advisory detailing a newly discovered SQL injection vulnerability impacting the MOVEit Transfer web

On Tuesday, June 6, 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version.   Barracuda

On May 31st, 2023, a working exploit has been publicly released for a remote code execution (RCE) vulnerability (CVE-2023-33733), impacting ReportLab PDF Toolkit python libraries

On May 31, 2023, Progress released a security advisory warning customers of a critical zero-day vulnerability being actively exploited in MOVEit Transfer, a managed file

On Wednesday, the 24th of May, 2023, Zyxel released a security advisory for several vulnerabilities capable of granting unauthenticated remote code execution (RCE) in their

On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses.

In a security advisory published on May 9th, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon (CVE-2023-29343). The vulnerability was discovered

On May 9, 2023, Microsoft published their May 2023 Security Update which includes two actively exploited vulnerabilities. This Security Update patched multiple high to critical

Oracle recently released their Critical Patch Update addressing 433 vulnerabilities across their products, including a vulnerability in the Oracle Hospitality OPERA 5 Property Services product.

On Thursday, April 20, 2023, VMware disclosed a critical deserialization vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result

On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by

On April 11, 2023, Microsoft published their April 2023 Security Update and patched multiple high to critical vulnerabilities, with one of them being actively exploited

On Wednesday, March 29, 2023, details of unexpected malicious activity observed from the legitimate and cryptographically signed 3CX SoftPhone Desktop App application were shared in

On Saturday, March 18, 2023, Horizon3 researchers released a proof-of-concept (PoC) exploit for CVE-2023-27532, a high-severity missing authentication vulnerability impacting Veeam Backup and Replication (VBR)

On March 14, 2023, Microsoft published their March 2023 Security Update and patched multiple high to critical vulnerabilities, with two of them being actively exploited

On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to

On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows

Note: This is not a new breach of LastPass’ systems, but rather sharing of additional details from their investigation into the incident they publicly disclosed

On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities

On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited

Arctic Wolf has observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments. Unlike malicious Word and Excel

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code