Advisories (TLP:CLEAR)

2024 November

• Apache OfBiz Critical Update - 20241121001
• CISA Releases New ICS Advisories - 20241120002
• Apple Releases Urgent Updates - 20241120001
• Paloalto Publishes Critical Advisory - 20241119001
• New ICS Advisories - 20241118001
• Siemens Releases New ICS Advisories - 20241113003
• Microsoft Monthly Updates - 20241113002
• ACSC Publishes Routinely Exploited Vulnerability Advisory - 20241113001
• CISA Releases New ICS Advisories - 20241108001
• Cisco Releases Critical Updates - 20241107001
• Ricoh Critical Updates - 20241105001
• New ICS Advisories - 20241101002
• ServiceNow Critical Vulnerability - 20241101001

2024 October

• IBM Critical Update - 20241031002
• Google Chrome Critical Updates - 20241031001
• New ICS Advisories - 20241030004
• Spring WebFlux Critical Advisory - 20241030003
• QNAP Zero-Day Vulnerability - 20241030002
• Apple Critical Update - 20241030001
• Progress WhatsUp Critical Update - 20241029001
• New ICS Advisories - 20241028001
• CISA Releases New ICS Advisories - 20241025002
• Cisco Addresses Critical Vulnerabilities - 20241025001
• Microsoft SharePoint Vulnerability Added in CISA Known Exploits - 20241024002
• Fortinet FortiManager Critical Vulnerability - 20241024001
• CISA Releases New ICS Advisories - 20241021003
• Grafana Releases Critical Update - 20241021002
• Trend Releases Critical Update - 20241021001
• Oracle Publishes Quarterly Critical Patch Advisory - 20241018001
• Kubernetes Image Builder Vulnerability - 20241016002
• Oracle WebLogic Server Vulnerability - 20241016001
• Java deserialization vulnerability - 20241015001
• GitLab CI/CD pipeline Vulnerability - 20241014001
• CISA Publishes New ICS Advisories - 20241011002
• CISA Publishes F5 BIG-IP Advisory - 20241011001
• Progress Telerik Critical Vulnerability - 20241010004
• Palo Alto Critical Vulnerabilities - 20241010003
• Fortinet Critical Vulnerabilities - 20241010002
• Mozilla Firefox Critical Vulnerability - 20241010001
• Siemens Publishes ICS Advisory - 20241009004
• SAP Critical Vulnerability - 20241009003
• TeamViewer Publishes Important Updates - 20241009002
• Microsoft Releases Critical Security Updates - 20241009001
• GitLab Critical SAML Vulnerability - 20241008001
• Apple Releases Critical Updates - 20241007001
• CISA Releases New ICS Advisories and OT Guidance - 20241004002
• Microsoft Office Critical ZeroDay Vulnerability - 20241004001
• CISA Releases New ICS Advisories - 20241002001
• SolarWinds Critical Vulnerability - 20241001001

2024 September

• Progress WhatsUp Gold Critical Updates - 20240930002
• Common UNIX Printing System (CUPS) Critical Vulnerabilities - 20240930001
• CISA Releases New ICS Advisories - 20240927003
• GitLab Critical Vulnerability - 20240927002
• ASD Publishes Joint Advisory - 20240927001
• CISA Releases OT and ICS Security Advisory - 20240926002
• SQL-based Critical Vulnerabilities - 20240926001
• CISA Publishes New ICS Advisories - 20240925001
• GeoServer Critical Vulnerability - 20240924002
• Grafana Plugin SDK Information Leakage Vulnerabilty - 20240924001
• Broadcom VMware Critical Update - 20240919002
• ASD Publishes Joint Advisory on China Linked Botnet Operations - 20240919001
• CISA Releases New ICS Advisories - 20240918001
• CISA and Siemens Release New ICS Advisories - 20240913004
• GitLab Publishes Critical Update - 20240913003
• WordPress Plugin Critical Update - 20240913002
• SolarWinds Critical Update - 20240913001
• CISA Publishes ICS Advisory - 20240911003
• Ivanti Publishes Critical Security Updates - 20240911002
• Microsoft Publishes Critical Updates - 20240911001
• Veeam Releases Critical Updates - 20240909001
• Cisco Publishes Critical Update - 20240906003
• Microsoft Vulnerability Known Exploitation - 20240906002
• CISA Releases New Joint Advisory - 20240906001
• WinRAR Vulnerability Active Exploitation - 20240904002
• Ivanti Critical Vulnerability PoC Published - 20240904001
• CISA Releases New ICS Advisories - 20240903002
• Zabbix Server Critical Vulnerability - 20240903001

2024 August

• CISA Releases Joint Advisory on RansomHub Ransomware - 20240830001
• SonicWall Publishes Critical Updates - 20240827001
• Progress WhatsUp Gold Critical Update - 20240826002
• Chromium Vulnerability Known Exploitation - 20240826001
• CISA Releases New ICS Advisories - 20240823002
• SolarWinds Releases Critical Update - 20240823001
• Microsoft Publishes Critical CVE Advisory - 20240822002
• WordPress Plugins Critical Vulnerabilities- 20240822001
• WPS Office Releases Critical Update - 20240819002
• WordPress Plugin Critical Vulnerabilities - 20240819001
• CISA Releases New ICS Advisories - 20240816001
• SAP Releases Critical Updates - 20240814003
• SolarWinds Releases Critical Update - 20240814002
• Microsoft Discloses Multiple ZeroDay Vulnerabilities - 20240814001
• RunZero Demonstrates Numerous SSH Vulnerabilities - 20240813001
• Cisco Releases Critical Update - 20240809001
• CISA Releases New ICS Advisories - 20240802002
• Bitdefender Releases Critical Security Updates - 20240802001
• Multiple SMTP Servers Vulnerable to Spoofing Attacks - 20240801004
• Progress Software Releases Security Advisory - 20240801003
• CISA Releases New ICS Advisories - 20240801002
• CISA Releases Advisory Addressing DigiCert Certificate Revocations - 20240801001

2024 July

• Apple Releases Multiple Product Updates - 20240731004
• Langflow Privilege Escalation - 20240731002
• Cisco Critical RADIUS Protocol Vulnerability - 20240730002
• VMWare ESXi Active Exploitation Campaigns - 20240730001
• OpenStack Releases Critical Security Advisory - 20240729002
• Acronis Releases Critical Security Advisory - 20240729001
• ServiceNow Public Exploitation Campaigns - 20240726005
• CISA Publishes New ICS Advisories - 20240726004
• GitLab Releases Security Advisory - 20240726003
• Telerik Releases Security Advisory - 20240726002
• CISA Releases Joint Advisory for North Korean Cyber Espionage Activity - 20240726001
• Google Releases New Chrome Stable Version - 20240725003
• Docker Releases Critical Security Advisory - 20240725002
• ISC Releases Multiple BIND 9 Security Advisories - 20240725001
• CISA Publishes New ICS Advisories - 20240724003
• CISA Updates Known Exploited Catalog - 20240724001
• Okta Releases Browser Plugin Advisory - 20240723002
• AWS Security Advisory for Flaws in AWS Client VPN - 20240723001
• SonicWall Releases New Security Advisory - 20240722003
• Microsoft DSVM Proof of Concept Published - 20240722002
• IrfanView Plugin Vulnerability - 20240722001
• Oracle Publishes Quarterly Critical Patch Advisory - 20240719001
• SolarWinds Patches Critical Vulnerabilities - 20240718006
• Atlassian July 2024 Security Advisory - 20240718005
• Ivanti Releases New Security Advisories - 20240718004
• Cisco Releases New Security Advisories - 20240718003
• Chromium Browsers Release Updates - 20240718002
• CISA Adds items to known exploited catalog - 20240718001
• CISA Releases Critical Infrastructure Related Advisory - 20240717001
• GeoServer Critical Vulnerability Added to Known Exploited Catalog - 20240716001
• Junos OS Evolved: Privilege Escalation Vulnerability Resolved - 20240715001
• CISA Releases Multiple Critical Infrastructure Related Advisories - 20240712005
• LightTPD Critical Vulnerability - 20240712004
• PHP Vulnerability Active Exploitation - 20240712003
• GitLab Critical Advisory - 20240712002
• Palo Alto Expedition - Admin Account Takeover Vulnerability - 20240712001
• Citrix Updates Multiple Products - 20240710005
• Adobe Updates Multiple Products - 20240710004
• CISA Releases APT40 Advisory - 20240710003
• Microsoft Azure Network Watcher VM Vulnerability - 20240710002
• Windows Vulnerabilities Added to CISA Known Exploited Catalog - 20240710001
• Synology Camera Advisory - 20240709002
• Cisco Affected by OpenSSH Vulnerability - 20240709001
• Apache HTTP Server Critical Source Code Disclosure Vulnerability - 20240708001
• Splunk RCE Advisory - 20240705001
• GeoServer Urgent Advisory - 20240704002
• Juniper Security Advisory - 20240704001
• CISA Releases New ICS Advisories - 20240703002
• Apache Security Advisory - 20240703001
• LibreOffice Patches Critical Vulnerability in LibreOfficeKit - 20240702003
• Cisco NX-OS Software CLI Command Injection Vulnerability - 20240702002
• OpenSSH Critical Advisory - 20240702001
• Oracle WebLogic Server Exploitation - 20240701004
• Rockwell Urgent Advisory - 20240701003
• HubSpot Investigating Potential Breach - 20240701002
• Juniper Releases Urgent Advisory - 20240701001

2024 June

• CISA Releases Multiple Critical Infrastructure Related Advisories - 20240628002
• GitLab Vulnerabilities June 2024 - 20240628001
• Windows Kernel Elevation of Privilege PoC Released - 20240627001
• JavaScript Polyfill Supply Chain Attack - 20240626004
• WordPress Plugin Vulnerabilities - 20240626003
• Windows Bluetooth Service Exploit PoC Published - 20240626002
• VMware ESXi and vCenter Server multiple vulnerabilities - 20240626001
• Linux Kernel ICMPv6 Router RCE Vulnerability - 20240624001
• Chromium OSS Vulnerabilities - 20240621001
• Deep Java Library Critical Vulnerability - 20240619003
• VMWare Multiple Vulnerabilities - 20240619002
• Tenable NNM Vulnerability - 20240619001
• Dropbox Desktop Mark-of-the-Web Bypass Vulnerability - 20240617002
• CISA Adds items to Known Exploited Catalog - 20240617001
• Ivanti EPM SQL Injection Remote Code Execution Vulnerability - 20240614001
• Adobe Updates Multiple Products - 20240613004
• Mozilla Products Multiple Vulnerabilities - 20240613003
• Apple Exploitation PoC Published - 20240613002
• Google Chrome Security Updates - 20240613001
• Fortinet Releases Security Updates for FortiOS - 20240612002
• Microsoft June 2024 Patch Fixes Critical RCE Vulnerability - 20240612001
• SolarWinds Product Advisories - 20240611004
• ARM Mali GPU vulnerability active exploitation - 20240611003
• Veeam Exploitation PoC Published - 20240611002
• Microsoft SharePoint Server Information Disclosure Vulnerability - 20240611001
• Proof of Concept Published for PHP (Windows) Vulnerability - 20240610001
• Apache RocketMQ Active Exploitation Campaign - 20240607002
• Critical Vulnerability in WordPress Plugin - 20240607001
• Google Cloud Platform (GCP) Privilege Escalation Vulnerability - 20240606001
• macOS Root Access Exploit Published - 20240605002
• MySQL2 Vulnerability - 20240605001
• SnowFlake Cyber Threat Activity Targeting Customer Accounts - 20240604004
• NGINX HTTP/3 Vulnerability Patches Released - 20240604003
• Google Chrome Arbitrary Code Execution Multiple Vulnerabilities - 20240604002
• Known Exploited Oracle WebLogic Server Injection Vulnerability - 20240604001

2024 May

• Linux Kernal Vulnerability added to CISA Known Exploited Catalog - 20240531001
• Check Point Remote Access VPN Vulnerability - 20240530002
• FortiSIEM Proof Of Concept Published - 20240530001
• Windows 10 PLUGScheduler Elevation of Privilege Vulnerability - 20240529001
• GNOME Remote Desktop Vulnerability - 20240527004
• Ivanti Endpoint Manager SQL Injection RCE Vulnerability - 20240527003
• May 2024 Cisco ASA, FMC, and FTD Software Security Advisory - 20240527002
• Google Patches Chrome Zero Day Vulnerability - 20240527001
• Cisco FMC Vulnerability - 20240524003
• GitLab Account Takeover Vulnerability - 20240524002
• WinRAR Text Vulnerability - 20240524001
• Atlassian Patches RCE Flaw in Confluence Data Center and Server - 20240523004
• Ivanti EPMM Vulnerability - 20240523002
• Broadcom Security Advisory Addresses Multiple VMware Vulnerabilities - 20240523001
• Critical Veeam Backup Enterprise Manager Vulnerability - 20240522003
• 'All in One SEO' WordPress plugin vulnerability - 20240522002
• PDF.js Code Execution Vulnerability - 20240522001
• Amazon Redshift JDBC Driver SQLi Vulnerability - 20240520002
• Zabbix SQLi Vulnerability - 20240520001
• Git Patches Critical RCE Vulnerabilities - 20240517005
• Google Chrome Arbitrary Code Execution Vulnerabilities - 20240517004
• CISA Releases Seventeen Industrial Control Systems Advisories - 20240517003
• Cisco Releases Security Updates for Multiple Products - 20240517002
• D-Link Known Exploited Vulnerabilities - 20240517001
• Cacti Command Injection and XSS Vulnerabilities - 20240516004
• SAP Critical Vulnerability Exposes Systems to Complete Takeover - 20240516003
• SolarWinds ARM Vulnerabilities - 20240516002
• HPE Aruba Networking Multiple Critical Vulnerabilities - 20240516001
• Windows Zero-Day Vulnerability Exploited To Deliver QakBot Malware - 20240515005
• Adobe Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515004
• Mozilla Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515003
• Microsoft Releases May 2024 Security Updates - 20240515002
• Apple Security Updates for Multiple Products - 20240515001
• SonicWall GMS Virtual Appliance Windows Multiple Vulnerabilities - 20240514003
• Android Security Advisory May 2024 - 20240514002
• Chromium Visuals Updates - 20240514001
• Oracle VM VirtualBox Vulnerability - 20240513004
• Microsoft Edge (Chromium-based) Spoofing Vulnerability - 20240513003
• Next.js Vulnerabilities - 20240513002
• New Chrome Zero-Day Vulnerability Under Active Exploitation - 20240516005
• Trend Micro Patches Multiple Vulnerability - 20240510005
• eDrawings Viewer DXF File Parsing RCE Vulnerability - 202405010004
• Deno Privilege Escalation - 20240510002
• F5 Security Advisory Addresses Multiple Vulnerabilities - 20240510001
• TunnelVision Vulnerability of VPN Traffic via DHCP Manipulation - 20240510003
• Google Chrome Arbitrary Code Execution Multiple Vulnerabilities - 20240509001
• Oracle WebLogic Server High Severity Vulnerability - 20240508004
• Mozilla PDF.js Arbitrary Code Execution Vulnerability - 20240508003
• Adobe Acrobat Updates May 2024 For Windows And MacOS - 20240508002
• Google Android Security Advisory May 2024 - 20240508001
• Xiaomi Android Devices Multiple Vulnerabilities Across Apps and System Components - 20240507002
• D-Link DIR-645 Router added to CISA Known Exploited Catalog - 20240507001
• WordPress Multiple Plugins Stored Cross-Site Scripting Vulnerability - 20240506001
• North Korean Threat Actor Email Policy Exploitation - 20240503004
• Acrobat Reader Vulnerability - 20240503003
• Cisco IP Phones Vulnerability - 20240503002
• Apache ActiveMQ Vulnerability - 20240503001
• HPE Aruba Network Products Critical RCE Vulnerabilities - 20240502001
• Foxit PDF Reader Vulnerabilities - 20240501003
• Zscaler Client Connector Vulnerability - 20240501002
• Microsoft SmartScreen Prompt Security Vulnerability - 20240501001

2024 April

• R Programming Language Vulnerability - 20240430003
• Network Attached Storage (NAS) Vulnerability - 20240430002
• CrushFTP systems vulnerability - 20240430001
• Delinea Secret Server Authentication Bypass Vulnerability - 20240429003
• WordPress Automatic plugin vulnerability - 20240429002
• Windows Kernel Elevation of Privilege Vulnerability - 20240429001
• Progress Software Telerik Reporting ObjectReader Vulnerability - 20240426003
• GitLab Critical Security Update - 20240426002
• ArcaneDoor Exploiting Cisco ASA Vulnerabilities - 20240426001
• Microsoft pulls fix for Outlook bug behind ICS security alerts - 20240424003
• Windows DOS-to-NT Path Conversion Process Exploited - 20240424002
• Microsoft Exchange Server Remote Code Execution Vulnerability - 20240424001
• Windows Print Spooler Elevation of Privilege Vulnerability - 20240423002
• VirtualBox Privilege Escalation Vulnerability - 20240423001
• Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - 20240422002
• HashiCorp Vulnerability in go-getter Library - 20240422001
• Libreswan Popular VPN Software Vulnerability - 20240419004
• Critical PuTTY Vulnerability Exposes Private Keys - 20240419003
• Oracle Critical Patch Update for April 2024 - 20240419002
• Cisco Patches Vulnerabilities in Integrated Management Controller - 20240419001
• Ivanti Avalanche Multiple RCE Vulnerabilities - 20240418004
• Botnets Swarm Exploited in TP-Link Archer Routers - 20240418003
• Google Chrome Multiple RCE Vulnerabilities - 20240418002
• Microsoft QUIC Denial of Service Vulnerability - 20240417002
• Multiple Vulnerabilities in Mozilla Products - 20240417001
• Critical Rust Standard Library Vulnerability - 20240416004
• Google Chrome V8 Enum Cache Out-Of-Bounds Read RCE Vulnerability - 20240416003
• SAP Security Advisory April 2024 - 20240416002
• Node.js Security Patch for Critical Vulnerability - 20240416001
• Juniper Security Updates for Multiple Products - 20240415003
• Bitdefender Critical Vulnerabilities in GravityZone and Endpoint Security - 20240415002
• Palo Alto Networks PAN-OS Command Injection Vulnerability - 20240415001
• Chrome Security Update - 20240412001
• Adobe Releases Security Updates for Multiple Products  - 20240410004
• Microsoft Releases April Security Updates - 20240410003
• Fortinet Releases Security Updates for Multiple Products - 20240410002
• D-Link Critical Vulnerability - 20240410001
• Podman Buildah Vulnerability - 20240408004
• Google Releases Patches for Pixel Zero-Days - 20240408003
• Cisco Vulnerability in Discontinued Small Business Routers - 20240408002
• PGAdmin Remote Code Execution Vulnerability - 20240408001
• Apache HTTP Server Triple Vulnerabilities - 20240405003
• Microsoft Edge Spoofing Vulnerability - 20240405002
• Ivanti Security Update for Connect Secure and Policy Secure Gateways - 20240405001
• VMware SD-WAN Edge and SD-WAN Orchestrator Multiple Security Updates - 20240404001
• JetBrains TeamCity Cross-Site Scripting Vulnerability - 20240402006
• Linux Kernel Vulnerability - 20240402005
• WallEscape util-Linux Vulnerability - 20240402004
• GitLab Stored XSS Vulnerability - 20240402003
• Supply Chain Compromise Affecting XZ Utils Data Compression Library - 20240402002
• Cisco Security Updates for Multiple Products - 20240402001

2024 March

• Chrome Zero Days - 20240328002
• Apple Released Security Updates for Safari and macOS - 20240328001
• Firefox Patches Critical Zero-Day Vulnerabilities - 20240327003
• Apache Tomcat Denial of Service Vulnerabilities - 20240327002
• CISA Releases Multiple Critical Infrastructure Related Advisories - 20240327001
• Microsoft Edge Chromium based Security Feature Bypass Vulnerability - 20240326003
• Microsoft Edge Chromium based Security Feature Bypass Vulnerability - 20240326003
• .NET Framework Information Disclosure Vulnerability - 20240326002
• Ivanti Endpoint Manager Code Injection Vulnerability - 20240326001
• Advantech WebAccess/SCADA SQL Injection Vulnerability - 20240322003
• Ivanti Neurons for ITSM and Standalone Sentry Security Updates - 20240322002
• Chrome Security Update - 20240322001
• Xbox Gaming Services Elevation of Privilege Vulnerability - 20240321002
• Mozilla Security Updates For Multiple Products - 20240320001
• WordPress miniOrange Plugins Critical Vulnerability - 20240319002
• Directory Traversal PoC in FileCatalyst Workflow - 20240319001
• WordPress Plugin File Manager and File Manager Pro Critical Vulnerability- 20240318004
• Fortinet Critical SQLi Vulnerability in FortiClientEMS Software - 20240318003
• Akamai Kubernetes Vulnerability - 20240318002
• Arcserve UDP Software Critical Vulnerabilities - 20240318001
• CISA Releases Fifteen Industrial Control Systems Advisories - 20240315003
• Cisco Security Updates for IOS XR Software - 20240315001
• DNSSEC Verification Complexity Vulnerability - 20240313004
• Adobe Releases Security Updates for Multiple Products - 20240313003
• Fortinet Releases Security Updates for Multiple Products - 20240313002
• Microsoft Releases Security Updates for Multiple Products - 20240313001
• Word Press Plugin 3DPrint Lite Critical Vulnerability - 20240311003
• Fortinet FortiOS Critical Vulnerability - 20240311002
• Apple Multiple Products Security Advisory - 20240311001
• Veritas NetBackup Server and Client RCE Vulnerability - 20240308005
• Android security advisory -- March 2024 Monthly Rollup (AV24-119)- 20240308004
• Windows Themes Spoofing Vulnerability - 20240308003
• Microsoft Edge for Android Spoofing Vulnerability - 20240308002
• Cisco Releases Security Advisories for Multiple Products - 20240308001
• VMware Releases Security Advisory for Multiple Products - 20240307002
• Known Exploited Apple iOS and iPad Zeroday Vulnerabilities - 20240307001
• Android Pixel Vulnerability added to CISA Known Exploited Catalog - 20240306001
• JetBrains TeamCity Vulnerability Added to CISAs Known Exploited Catalog - 20240305003
• Adobe Acrobat Reader Multiple Vulnerabilities - 20240305002
• Cisco Patches NX-OS DoS Vulnerabilities - 20240305001

2024 February

• Linux Kernel Code Execution Vulnerability - 20240226003
• Junos OS RCE Vulnerability - 20240226002
• Microsoft Edge Spoofing and Information Disclosure Vulnerabilities - 20240226001
• Zero-Click Apple Shortcuts Vulnerability - 20240223002
• Critical Vulnerability in Progress Kemp products - 20240223001
• Mozilla Releases Security Updates for Firefox and Thunderbird - 20240222001
• CISA Adds ConnectWise ScreenConnect Known Exploited Vulnerability - 20240221004
• Apache Dolphinscheduler RCE Vulnerability - 20240221003
• Zyxel security advisory for multiple vulnerabilities in firewalls and APs - 20240221002
• Critical Vulnerability in Deprecated VMware EAP - 20240221001
• WordPress's Bricks Builder RCE Flaw - 20240220001
• Guidance following nation state attack on Microsoft - 20240219002
• SolarWinds Releases Patches for Vulnerabilities - 20240219001
• SolarWinds Releases Patches for Access Rights Manager vulnerabilities - 20240219001
• Cisco ASA and FTD Information Disclosure Vulnerability - 20240216001
• Zoom Critical Security Updates - 20240215001
• Adobe Releases Security Updates for Multiple Products - 20240214003
• Microsoft Releases Security Updates for Multiple Products - 20240214002
• Privilege Escalation for Ivanti Connect Secure and Ivanti Policy Secure - 20240214001
• Roundcube Webmail added to CISA Known Exploited Catalog - 20240213001
• Microsoft Streaming Service Vulnerability Exploited - 20240212001
• Google Chrome Security Updates - 20240209003
• Fortinet Multiple RCE Vulnerabilities Exploited - 20240209002
• Ivanti Critical Patch for Multiple Products - 20240209001
• Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities - 20240208003
• VMware Releases Security Advisory for Aria Operations for Networks - 20240208002
• Shim Bootloader RCE Vulnerability - 20240208002
• VMware Releases Security Advisory for Aria Operations for Networks - 20240208001
• FortiSIEM - Citical Command Injection Vulnerabilities - 20240207003
• Critical Android Security Advisory - 20240207002
• CISA Adds One Known Exploited Vulnerability to Catalog - 20240207001
• Google Chrome Security Updates - 20240205002
• Juniper Networks Security Advisory - 20240205001
• Microsoft Edge Security Updates - 20240202003
• Docker Container Runtime Component Vulnerabilities - 20240202002
• CISA Known Exploited Catalog - 20240202001
• CISA Added Known Exploited Vulnerabilities to Catalog - 20240201001

2024 January

• Microsoft Security Updates - 20240131003
• New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - 20240131002
• Updated Mitigations to Defend Against Exploitation of Ivanti services - 20240131002
• CISA Releases Critical Infrastructure Related Advisories - 20240131001
• Atlassian Confluence Data Center Known Exploited Vulnerabilities - 20240130002
• Juniper Networks Security Advisory - 20240130001
• GitLab Critical Security Advisory - 20240129002
• GitLab Arbitrary File Write Vulnerability - 20240129002
• Microsoft Edge Elevation of Privilege Vulnerability - 20240129001
• Cisco Critical Advisory - 20240125002
• Mozilla Releases Security Updates for Thunderbird and Firefox - 20240125001
• CISA Releases Critical Infrastructure Related Advisories - 20240124003
• Frontra GoAnywhere MFT Authentication Bypass Vulnerability - 20240124002
• Splunk Enterprise Patches High-Severity Vulnerability - 20240124001
• Apple Curl Overflow added to CISA Known Exploited Catalog - 20240123002
• VMWare added to CISA Known Exploited Catalog - 20240123001
• CISA Issues Emergency Directive on Ivanti Vulnerabilities - 20240122002
• Trend Micro Deep Security Local Privilege Escalation Vulnerabilities - 20240122001
• Ivanti EPMM and MobileIron Core added to CISA Known Exploited Catalog - 20240119003
• Drupal Releases Patch for DOS Vulnerability - 20240119002
• Oracle Critical Patch Update Advisory - January 2024 - 20240119001
• Citrix Critical Security Advisory - 20240117006
• Paessler patches PRTG zero-day vulnerability - 20240117005
• VMWare Critical Security Advisory - 20240117004
• Google Chrome Zero-Day Vulnerability Patch - 20240117003
• Confluence Data Center and Confluence Server RCE Vulnerability - 20240117002
• Laravel added to CISA Known Exploited Vulnerability Catalog - 20240117001
• SonicWall next-generation firewalls (NGFW) publicly exploitable. - 20240116001
• GitLab Critical Security Advisory - 20240115002
• Blog details Microsoft Visual Studio PoC Exploit - 20240115001
• Juniper Security Bulletin for Junos OS and Junos OS Evolved - 20240112002
• CISA Releases Critical Infrastructure Related Advisories - 20240112001
• Microsoft SharePoint Server Privilege Escalation Vulnerability - 20240111003
• Cisco Unity Connection Security Advisory - 20240111002
• Ivanti Multiple Vulnerabilities Added in CISA Known Exploits List - 20240111001
• CISA Updates Known Exploited Vulnerabilities Catalog - 20240109002
• Ivanti Endpoint Manager Critical Vulnerability - 20240109001
• SSH Servers Vulnerable to New Terrapin Attacks - 20240105002
• CISA adds two known exploited vulnerabilities to catalogue - 20240105001
• Juniper Releases Security Advisory for Juniper Secure Analytics - 20240103002
• Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - 20240103001

2023 December

• Barracuda ESG Appliance Vulnerability - 20231228001
• Google Chrome Critical Security Updates - 20231221003
• Mozilla Releases Security Updates for Firefox and Thunderbird - 20231221002
• Apple Releases Security Updates for Multiple Products - 20231221001
• Cisco Remote VPN vulnerability - 20231220002
• CISA Releases Critical Infrastructure Related Advisories - 20231220001
• MongoDB Compromise - 20231218004
• CISA Releases Critical Infrastructure Related Advisories - 20231218003
• Fortinet Security Updates for Multiple Products - 20231218002
• Windows MSHTML Platform Remote Code Execution Vulnerability - 20231218001
• Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally - 20231214002
• Cisco Addresses Apache Struts 2 Critical RCE Vulnerability - 20231214001
• Adobe Releases Security Updates for Multiple Products - 20231213004
• Apple Releases Security Updates for Multiple Products - 20231213003
• Microsoft Releases Security Updates for Multiple Products - 20231213002
• Apache Struts 2 Critical RCE Vulnerability - 20231213001
• Mobile Device Unauthenticated Bluetooth Keystroke-Injection - 20231212001
• LogoFAIL attack can install UEFI bootkits through bootup logos - 20231208003
• CISA Publish Joint Advisory on Cyber Actors Exploiting Adobe ColdFusion - 20231208002
• CISA Releases Critical Infrastructure Related Advisory Affecting Multiple Sectors - 20231208001
• Atlassian releases fixes for RCE vulnerabilities in multiple products - 20231207001
• Known Exploited Vulnerability in Adobe ColdFusion - 20231206002
• Qualcomm Multiple Chipsets added to CISA Known Exploited Catalog - 20231206001
• Google Chrome Critical Security Updates - 20231205001
• CISA Publish Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs - 20231204002
• Apple Releases Security Updates for Multiple Products - 20231204001
• Known Exploited Vulnerability in Google Skia Integer Overflow - 20231201001

2023 November

• Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin - 20231129003
• Several Critical Vulnerabilities associated with ownCloud - 20231129002
• CISA Releases Multiple Critical Infrastructure Related Advisories - 20231129001
• Adobe Releases Security Updates for ColdFusion - 20231124002
• Mozilla Releases Security Updates for Firefox and Thunderbird - 20231124001
• Mozilla Releases Multiple Security Updates - 20231123002
• LockBit 3.0 affiliates exploiting Citrix Bleed added to CISA #StopRansomware Catalog - 20231123001
• Known Exploited Vulnerability - GNU C Library Dynamic Loader - 20231122002
• Juniper Addresses Multiple Vulnerabilities in Secure Analytics - 20231122001
• Sophos Web Appliance Command Injection Vulnerability - 20231117002
• Oracle Fusion Middleware PHP Remote File Inclusion Vulnerability - 20231117001
• Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability - 20231116001
• Fortinet Releases Security Updates for FortiClient and FortiGate - 20231115005
• CISA Adds Three Known Exploited Vulnerabilities to Catalog - 20231115004
• Microsoft Releases October 2023 Security Updates - 20231115003
• VMware Security Update for Cloud Director Appliance - 20231115002
• Citrix Bleed ACT NOW - Ensure Citrix ADC & Netscaler have mitigations applied OR are taken offline - 20231115001
• Juniper Junos OS EX / SRX vulnerabilities - 20231114002
• SysAid Server Path Traversal Known Exploited vulnerability - 20231114001
• Sumo Logic Discovered Evidence of a Potential Security Incident - 20231109002
• Service Location Protocol (SLP) Denial-of-Service Vulnerability - 20231109001
• Known Exploited Vulnerability - Service Location Protocol (SLP) Denial-of-Service - 20231109001
• Atlassian Confluence Data Center and Server Improper Authorization Vulnerability - 20231108001
• New Microsoft Exchange zero-days allow RCE, data theft attacks - 20231106002
• Cisco Releases Security Advisories for Multiple Products - 20231106001
• Mass exploitation of CitrixBleed vulnerability - 20231102002
• Apache ActiveMQ Unauthenticated RCE via Deserialization - 20231102001
• Improper Authorization Vulnerability In Confluence Data Center and Server - 20231101002
• BIG-IP Configuration utility authenticated SQL injection - 20231101001

2023 October

• VMware Tools Local Privilege Escalation and SAML Token Signature Bypass Vulnerabilities - 20231031001
• Apple Releases Security Advisories for Multiple Products - 20231027005
• Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004
• BIG-IP Configuration utility unauthenticated RCE - 20231027003
• Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability - 20231027001
• Mozilla Releases Security Advisories for Multiple Products - 20231026002
• VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities - 20231026001
• Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities - 20231025001
• Three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product - 20231023005
• Oracle Critical Patch Update Advisory - 20231023004
• Juniper Junos OS authentication backdoor - 20231023003
• BIG-IP in Appliance Mode Configuration utility vulnerability - 20231023002
• Apache HTTP Server vulnerabilities fixed in latest update - 20231023001
• Cisco IOS and IOS XE HTTP WebUI - 20231018001
• Fortinet Releases Security Updates for Multiple Products - 20231013001
• Citrix Releases Security Updates for Multiple Products - 20231012003
• Increased Business Email Compromise (BEC) Activity - 20231012002
• Guidance on OSS in IT/ICS Environments - 20231012001
• Microsoft WordPad Information Disclosure Vulnerability - 20231011005
• Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability - 20231011004
• Microsoft Skype for Business Privilege Escalation Vulnerability - 20231011003
• Adobe Acrobat and Reader Use-After-Free Vulnerability - 20231011002
• Hypertext Transfer Protocol version 2 (HTTP/2) Rapid Reset Vulnerability - 20231011001
• Juniper Announce RCE Chain Vulnerability Variation - 20231009002
• Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009001
• WS_FTP Server Critical Vulnerabilities - 20231006002
• Known Exploited Vulnerability - Atlassian Patches Critical Confluence Zero-Day - 20231006001
• UPDATE: Exim MTA Disclose Additional Vulnerabilities - 20231004003
• Known Exploited Vulnerability - Arm Mali GPU Kernel Driver Use-After-Free - 20231004002
• Known Exploit Vulnerability - Google Chrome libvpx Heap Buffer Overflow - 20231004001
• Cisco Releases Advisories for Multiple Products - 20231002007
• Microsoft Sharepoint Server 19 Authentication Bypass PoC - 20231002006
• Known Exploited Vulnerability - Red Hat JBoss RichFaces Framework Expression Language Injection - 20231002005
• (Zero Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability - 20231002004
• Actively Exploited Chrome Zero-Day Patch Released - 20231002003
• Apple Releases Security Updates for Multiple Products - 20231002002
• Cloudflare DDoS protection bypass vulnerability - 20231002001

2023 September

• NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors - 20230928002
• Mozilla Releases Advisories for Multiple Products - 20230928001
• ISC Releases Security Advisories for BIND 9 - 20230926003
• Atlassian Addresses Vulnerabilities for Multiple Products - 20230926002
• Tenable Discloses an Authentication Bypass Vulnerability in D-Link D-View 8 - 20230926001
• Increase in QR Code Phishing (Quishing)- 20230922003
• Drupal Core Cache Poisoning - 20230922002
• Known Exploited Vulnerability - Apple Releases Multiple Emergency Security Patches - 20230922001
• Trend Micro Patches Apex One Critical 3rd Party Vulnerability - 20230921002
• FBI and CISA Release Advisory on Snatch Ransomware - 20230921001
• Known Exploited Vulnerability - Laravel Ignition Remote Code Execution - 20230919003
• Samsung Mobile Devices Use-After-Free Vulnerability - 20230919002
• Fortinet Releases Security Updates for Multiple Products - 20230919001
• Chromium WebP Heap-Based Buffer Overflow Critical Vulnerability - 20230918001
• Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability - 20230915001
• Google Chrome Heap-Based Buffer Overflow Vulnerability added to CISA Known Exploited Catalog - 20230914003
• Cisco Unauthorized Access Vulnerability added to CISA Known Exploited Catalog - 20230914002
• Android Privilege Escalation Vulnerability added to CISA Known Exploited Catalog - 20230914001
• Microsoft's September 2023 Patch Tuesday and fixes for two zero-day exploits - 20230913001
• Apple Addresses Zero-Day Exploits for Multiple Products - 20230908003
• Cisco BroadWorks impacted by critical authentication bypass flaw - 20230908002
• Multiple Nation-State Threat Actors Exploit ManageEngine (CVE-2022-47966) and FortiOS (CVE-2022-42475) - 20230908001
• Apache RocketMQ Command Execution Vulnerability - 20230907001
• Infamous Chisel: Mobile Device (Android) Malware Analysis Report - 20230905004
• Apache Tomcat Contains an Open Redirect Vulnerability - 20230905003
• Mozilla Releases Multiple Security Updates for Firefox ESR - 20230905002
• Spring-Kafka Contains a Java Deserialization Vulnerability When Improperly Configured - 20230905001
• CISA Releases IOCs Associated with Malicious Barracuda Activity - 20230901003
• CISA and FBI Publish Joint Advisory on QakBot Infrastructure - 20230901002
• VMware Releases Security Updates for Aria Operations for Networks - 20230901001

2023 August

• Ignite Realtime Openfire Path Traversal Vulnerability added to CISA Known Exploited Catalog - 20230829002
• RARLAB WinRAR Code Execution Vulnerability added to CISA Known Exploited Catalog - 20230829001
• Citrix Products NetScaler ADC and NetScaler Gateway Zero Day Vulnerability - 20230822004
• Ivanti Sentry Administrator Interface API Authentication Bypass - 20230822003
• Cisco Releases Security Advisories for Multiple Products - 20230822002
• Adobe ColdFusion Vulnerability Added to CISA Known Exploited Catalog - 20230822001
• Atlassian-Releases-Security-Update-for-Confluence-Server-and-Data-Center - 20230821001
• Citrix Content Collaboration ShareFile Improper Access Control Vulnerability - 20230818002
• Citrix Content Collaboration ShareFile Improper Access Control Vulnerability - 20230818001
• Sophisticated network attacks and guidance for agencies - 20230816001
• SAP Releases Security Updates for August - 20230815002
• AMD CPU vulnerable to Inception data-leak attacks - 20230815002
• Microsoft .NET Core and Visual Studio Denial of Service Vulnerability - 20230810002
• Downfall and Zenbleed - Modern Processor Attacks - 20230810001
• Secure Cloud Business Applications (SCuBA) Project - 20230809004
• Microsoft Releases Security Updates for Multiple Products - 20230809003
• FortiOS update for buffer overflow vulnerability - 20230809002
• Adobe Releases Important Security Updates For Multiple Products - 20230809001
• Zyxel P660HN-T1A Routers Command Injection Vulnerability - 20230808001
• Mozilla Releases Security Updates for Firefox, Firefox ESR and Thunderbird - 202308001
• CISA Releases IDOR Vulnerability joint Advisory - 20230801001
• Malware Analysis Reports on Barracuda Backdoors - 20230801001

2023 July

• Compromised Microsoft Key - 20230728001
• Unpatched Zyxel Devices are Being Roped Into DDoS Botnets - 20230727003
• Apple Releases Security Updates for Multiple Products - 20230726002
• Zenbleed - AMD Zen2 processors vulnerable to sensitive data leak (CVE-2023-20593)
• Vulnerability in Ivanti Endpoint Manager Mobile (EPMM) - 20230725001
• Vulnerabilities in OpenSSH before 9.3p2 - 20230724002
• On-prem Atlassian Stacks are vulnerable - 20230724001
• Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells - 20230721002
• Adobe ColdFusion Improper Access Control Vulnerability - 20230721001
• An Out-of-Cycle Security Bulletin: Junos OS and Junos OS Evolved - 20230720004
• Adobe Releases Security Updates for ColdFusion - 20230720003
• Oracle Releases Security Updates - 20230720002
• Citrix Releases Security Updates for NetScaler ADC and Gateway - 20230720001
• Citrix Releases Security Updates for NetScaler ADC and Gateway - 20230719001
• Apple security releases - 20230717005
• Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability - 20230717004
• Adobe Product Security Incident Response Team - 20230717003
• Security Update for Zimbra Collaboration Suite Version 8.8.15 - 20230717002
• Microsoft TI Report for Storm-0987 - 20230717001
• ManageEngine ADAudit Plus Advisory - 20230714003
• BD Alaris System with Guardrails Suite MX - 20230714002
• SolarView Compact Command Injection Vulnerability - 20230714001
• Joint Cybersecurity Advisory (CSA) - 20230713001
• Microsoft Releases Security Updates for Multiple Products - 20230712003
• FortiOS and FortiProxy Critical Vulnerability Patch Released - 20230712002
• Adobe Releases Security Updates for ColdFusion and InDesign - 20230712001
• Android Security Bulletin - 20230711001
• Increase-in-QR-Code-Phishing-Technique - 20230710003
• Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability - 20230710002
• Linux kernel 6.1-6.4 "Stack Rot" Kernel Privilege Escalation- 20230710001
• Mozilla-Security-Advisories - 202307002
• Newly Identified Truebot Malware Variants - 20230707001
• Samsung Mobile Devices Unspecified Vulnerability - 20230703005
• Samsung Mobile Devices Unspecified Vulnerability - 20230703005
• Samsung Mobile Devices Race Condition Vulnerability - 20230703004
• Samsung Mobile Devices Race Condition Vulnerability - 20230703003
• Samsung Mobile Devices Improper Input Validation Vulnerability - 20230703002
• Samsung Mobile Devices Out-of-Bounds Read Vulnerability - 20230703001

2023 June

• D-Link DWL-2600AP Access Point Command Injection Vulnerability - 20230630006
• Defending Continuous Integration/Continuous Delivery (CI/CD) Environments - 20230630005
• D-Link DIR-859 Router Command Execution Vulnerability - 20230630005
• Medtronic Paceart Optima System - 20230630004
• Microsoft Teams Vulnerability Allows External Sources to Send Files to Employees - 20230630003
• Harden Systems Against BlackLotus Bootkit Malware - 20230630-002
• iPhone bugs abused in spyware attacks - 20230630001
• Apple Releases Security Updates for Multiple Products - 20230627004
• ISC Releases Security Advisories for Multiple Versions of BIND 9 - 20230627003
• Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved - 20230627002
• VMware Releases Security Updates for for vCenter Server and Cloud Foundation - 20230627001
• Ivanti Endpoint Manager Vulnerability - 20230626003
• Firefox SVG Animation Remote Code Execution - 20230626002
• Microsoft Win32k Privilege Escalation Vulnerability - 20230626001
• VMware Aria Operations for Networks Command Injection Vulnerability - 20230623002
• Roundcube Webmail Active Exploits - 20230623002
• Western Digital 'My Cloud' Remote Code Execution - 20230623001
• ASUS Urges Customers To Patch Critical Router Vulnerabilities - 20230622001
• FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication - 20230620004
• SAP High-Severity Vulnerabilities June 2023 - 20230620003
• WooCommerce Stripe Gateway WordPress Vulnerability - 20230620001
• Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers UPDATE - 20230619001
• Update: MOVEit Transfer Critical Vulnerability - 20230616002
• Barracuda Networks Releases Update to Address ESG Vulnerability - 20230616001
• Understanding Ransomware Threat Actors: LockBit - 20230615003
• Understanding Ransomware Threat Actors: LockBit - 20230615003
• CISCO Releases Security Advisories for Multiple Products - 20230615001
• SEO poisoning targeting public sector (Gootloader) Advisory - 20230615002
• Mitigating Risk from Internet-Exposed Management Interfaces - 20230615001
• Microsoft Releases June 2023 Security Updates - 20230614002
• Fortinet Releases June 2023 Vulnerability Advisories - 20230613002
• Adobe Releases Security Updates for Multiple Products - 20230613001
• Barracuda Email Security Gateway (ESG) Vulnerability Update - 20230612002
• Fortinet fixes critical RCE in Fortigate SSL-VPN devices - 20230612001
• Mozilla Releases Security Updates for Firefox Products - 20230609003
• CL0P Ransomware Campaign - 20230609002
• VMware Releases Security Update for Aria Operations for Networks - 20230609001
• Google Chrome Vulnerability - 20230607001
• HID Global SAFE Vulnerability - 20230302002
• MOVEit Transfer Critical Vulnerability - 20230602001

2023 May

• Lazarus Group Targeting Windows IIS Web Servers - 20230531003
• Advantech WebAccess/SCADA Vulnerability - 20230531002
• Mirai Variant Targeting Multiple IoT Devices - 20230531001
• WordPress Plugin 'Beautiful Cookie Consent Banner' Under Active Exploitation - 20230529002
• Barracuda Security Gateway appliance vulnerability - 20230529001
• Detection Guidance for Volt Typhoon - 20230525001
• CISA Industrial Control Systems Advisories, May 23 - 20230524001
• Three Known Exploited Apple Vulnerabilities - 20230523001
• Hunting Russian Intelligence “Snake” Malware | CISA - 20230522001
• CISA Industrial Control Systems Advisories, May 16 - 20230517001
• CISA Industrial Control Systems Advisories - 20230512001
• TechnologyOne investigates 'cyber incident' on M365 system - 20230510004
• cPanel Exploit Vulnerability - 20230510003
• Win32k Elevation of Privilege Vulnerability - 20230510002
• Microsoft has Released Security Updates for May 2023 - 20230510001
• Artificial Intelligence Usage in the Western Australian Government - 20230509001
• ALPHV (aka BlackCat) Ransomware Activity - 20230503001
• Apache Log4j2 Deserialization of Untrusted Data Vulnerability - 20230502002
• Oracle WebLogic Server Unspecified Vulnerability - 20230502001
• VMware Workstation and Fusion updates address multiple security vulnerabilities - 20230501007
• EDR Bypass Technique 'Aukill' - 20230501006
• Oracle Critical Patch Update Advisory - April 2023 20230501005
• Oracle Critical Patch Update Advisory - April 2023 20230501005
• Zyxel OS Command Injection Vulnerability - 20230501004
• Cisco Industrial Network Director Vulnerabilities - 20230501003
• Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability - 20230501002
• Apache Superset Vulnerability Exposes Servers to RCE Attacks - 20230501001

2023 April

• ICSMA-23-117-01 Illumina Universal Copy Service - 20230428001
• Service Location Protocol (SLP) Abuse May Lead to DoS Attack - 20230427001
• SolarWinds Platform Command Injection Vulnerability - 20230426009
• Multiple VMware Aria Operations for Logs Vulnerabilities - 20230426008
• Drupal Releases Security Advisory for Bypass Vulnerability in Drupal Core - 20230426007
• Oracle Releases Security Updates - 20230426005
• MinIO Information Disclosure Vulnerability - 20230426004
• PaperCut MF/NG Improper Access Control Vulnerability - 20230426003
• Google Chrome Skia Integer Overflow Vulnerability - 20230426002
• Cisco Releases Security Advisories for Multiple Products - 20230426001
• Supply Chain Attack Against 3CXDesktopApp - 20230421003
• Schneider UPS Online Monitoring Software Vulnerability - 20230419002
• APT28 Exploits Known Vulnerability on Cisco Routers - 20230419001
• Google Chromium V8 Engine Type Confusion Vulnerability - 20230418002
• Apple macOS Use-After-Free Vulnerability - 20230418001
• Microsoft Releases Guidance for the BlackLotus Campaign - 20230413006
• Adobe Releases Security Updates for Multiple Products - 20230413005
• Microsoft Releases April 2023 Security Updates - 20230413004
• Fortinet April 2023 Vulnerability - 20230413003
• Mozilla Releases Security Advisories for Multiple Products - 20230413002
• Apple Releases Security Updates for Multiple Products - 20230413001
• Windows Common Log File System Driver Elevation of Privilege Vulnerability - 20230412001
• Sophos Vulnerability - 20230411006
• Apple Vulnerability - 20230411005
• Arm Mali GPU Kernel Driver Information Disclosure Vulnerability - 20230411004
• Windows Certificate Dialog Elevation of Privilege Vulnerability - 20230411003
• Veritas Backup Exec Agent Vulnerabilities - 20230411002
• Cisco Releases Security Advisories for Multiple Products - 20230411001
• CISA ICS Advisory: Hitachi Energy IEC 61850 MMS-Server - 20230405001
• QNAP Vulnerability in QTS and QuTS hero - 20230403001

2023 March

• Apple Releases Security Updates for Multiple Products - 20230331003
• CISA Adds Known Exploited Vulnerabilities to Catalog - 20230331002
• GoAnywhere Active Campaign - 20230331001
• 3CX Active Intrusion Campaign - 20230330001
• Adobe ColdFusion Security Updates - 20230327003
• Update for Microsoft Outlook Elevation of Privilege Vulnerability - 20230327002
• Veeam Backup & Replication Vulnerability - 20230327001
• Cisco Releases Security Advisories for Multiple Products - 20230324002
• Ransomware - LockBit 3.0 IOC's and TTP's - 20230317002
• Honeywell OneWireless Device Manager Vulnerability - 20230317001
• Drupal Core Access bypass vulnerability - 20230317001
• Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server - 20230316004
• Adobe Releases Security Updates for Multiple Products - 20230316003
• Mozilla Releases Security Updates for Firefox 111 and Firefox ESR 102.9 - 20230316002
• Microsoft March 2023 Security Updates - 20230316
• Fortinet FortiOS Path Traversal Vulnerability - 20230315004
• Windows SmartScreen Security Feature Bypass Vulnerability - 20230315003
• Microsoft Internet Control Message Protocol (ICMP) Remote Code Execution (RCE) Vulnerability- 20230315002
• Microsoft Outlook Elevation of Privilege Vulnerability - CVE-2023-23397
• XStream Remote Code Execution (RCE) Vulnerability - 20230314002
• Plex Media Server Remote Code Execution (RCE) Vulnerability - 20230314001
• Apache Spark Command Injection Vulnerability - 20230308003
• Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability - 20230308002
• Fortinet Vulnerabilities for FortiOS / FortiProxy / Buffer underflow in administrative interface - 20230308001
• Medtronic Micro Clinician and InterStim Apps - 20230303002
• Cisco IP Phone Web UI Vulnerabilities - 20230303001

2023 February

• VMware Releases Security Updates for Carbon Black App Control - 20230227005
• Cisco Security Advisories for Multiple Products - 20230227004
• Fortinet Releases Security Updates for Multiple Products - 20230227003
• Mozilla Releases Security Updates for Thunderbird 102.8 - 20230227002
• IBM Aspera Faspex 4.4.2 Patch Level 1 - 20230227001
• Cacti Command Injection Vulnerability - 20230217002
• Cisco Releases Security Advisories for Multiple Products - 20230217001
• Citrix Security Updates for Workspace Apps, Virtual Apps and Desktops - 20230215005
• Adobe Releases Security Updates for Multiple Products - 20230215004
• Microsoft February 2023 Security Updates - 20230215003
• Mozilla Releases Security Updates for Firefox 110 and Firefox ESR - 20230215002
• Apple Releases Security Updates for Multiple Products - 20230215001
• Security Patch Update for Secret Server 11.3.000003 - 20230209001
• VMware ESXiArgs Ransomware Recovery Script Release - 20230208001
• VMware ESXi servers targetted by ESXiArgs ransomware - 20230206001
• CISA Releases Oracle E-Business Suite & SugarCRM Known Vulnerabilities Updates - 20230203003
• Drupal Apigee Edge Security Vulnerability Update - 20230203002
• VMware vRealize Operations (vROps) CSRF Bypass Vulnerability - 20230203001
• Multiple Internet Systems Consortium (ISC) BIND 9 Security Advisories - 20230201001

2023 January

• Telerik UI for ASP.NET AJAX Known Vulnerability - 20230127002
• CISA Releases Eight Industrial Control Systems Advisories - 20230127001
• CISA Releases Two Industrial Control Systems Advisories - 20230125002
• Apple Releases Security Updates for Multiple Products - 20230125001
• ManageEngine RCE Vulnerability Known Exploitation - 20230124001
• Mozilla Releases Critical Security Updates - 20230123002
• Drupal Address Multiple Vulnerabilities - 20230123001
• Drupal Address Multiple Vulnerabilities - 20230123001
• UPDATE: Sophos Firewall Critical Vulnerability - 20230120001
• Resurgence of SEO Poisoning - 20230119001
• Increased Events from Threat Activity Group DEV-0867 - 20230118001
• Zoom Rooms Local Privilege Escalation Vulnerability - 20230117004
• FortiOS Heap-Based Buffer Overflow in SSL-VPN - 20230117003
• CISCO Prime DCNM File Information Disclosure Vulnerability - 20230117002
• CISCO VPN Router Web-Based Interface Vulnerability - 20230117001
• Juniper Networks Releases Security Updates for Multiple Products - 20230113002
• Drupa Private Taxonomy Vulnerability Security Update - 20230113001
• Microsoft Exchange Server and Windows Vulnerabilities - 20230111003
• Adobe Security Updates for Multiple Products - 20230111002
• Microsoft January 2023 Security Updates - 20230111001
• Number Matching in Multifactor Authentication - 20230110001
• Centos Web Panel 7 Unauthenticated Remote Code Execution (RCE) - 20230109003
• ManageEngine SQL Injection Vulnerability - 20230109002
• Synology-SA-22:25 SRM Vulnerability - 20230109001
• FortiADC Command Injection Vulnerability - 20230105001
• TIBCO JasperReports Server Vulnerability - 20230104002
• TIBCO JasperReports Library Vulnerability - 20230104001

2022 December

• UPDATED ADVISORY - Fortinet Vulnerabilities for FortiOS / FortiProxy / FortiSwitchManager - 20221228001
• Apple critical security updates - 20221223002
• New Exploit Method for Bypassing ProxyNotShell Mitigations - 20221223002
• Lastpass breach update (ACTION NEEDED: customer details and vaults accessed in November 2022) - 20221223001
• Samba Security Release Updates - 20221219001
• Apple iOS Type Confusion vulnerability - 20221216004
• Veeam Backup & Replication security updates - 20221216003
• Microsoft Defender SmartScreen Security Feature Bypass Vulnerability - 20221216002
• Drupal Security Updates for H5P and File(Field) Paths - 20221216001
• Critical vulnerabilities in Citrix Gateway and Application Delivery Controller (ADC) devices - 20221215001
• Mozilla Security Updates for Thunderbird and Firefox - 20221214002
• VMWare Critical Security Updates - 20221214001
• Fortinet Vulnerabilities for FortiOS / FortiProxy / FortiSwitchManager - 20221213001
• Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series - 20221212001
• UPDATED ADVISORY - SEO poisoning targeting public sector (Gootloader) - 20221208003
• Sophos Release Patch for Seven "Sophos Firewall" CVE's - 20221208003
• Chromium V8 Type Confusion Vulnerability - 20221208001
• ACSC December 2022 ISM and E8 Updates - 20221202001

2022 November

• Google Chrome Vulnerability - 20221129003
• Fusion Middleware Vulnerability - 20221129002
• Boa Web Server Vulnerabiltiy - 20221128001
• Suspicious Gmail accounts targeting Victorian Government - 20221125001
• NSA - Software Memory Safety - 20221124001
• Cisco Security Updates for Identity Services Engine - 20221123002
• Samba Security Update - 20221123001
• Mozilla Releases Security Updates for Multiple Products - 20221122001
• F5 BIG-IP and iControl REST Vulnerabilities and Exposures - 20221117001
• Microsoft Windows: Multiple known exploited vulnerabilities - 202211100002
• Citrix Security Bulletin (Gateway and ADC) - 202211100001
• OpenSSL 3.0.x affected by two high severity vulnerabilities- 202211030001

2022 October

• VMware Cloud Foundation Unauthenticated Remote Code Execution - 20221031002
• SEO poisoning targeting public sector (Gootloader) Advisory - 20221028001

Key Sources

• Cybersecurity & Infrastructure Security Agency (US CISA) Known Exploited Vulnerabilities Catalog
• Australian Cyber Security Centre (ACSC) Alerts & Advisories
• National Cyber Security Centre (UK NCSC) Reports & Advisories