Advisories (TLP:CLEAR)
2024 October¶
- Progress Telerik Critical Vulnerability - 20241010004
- Palo Alto Critical Vulnerabilities - 20241010003
- Fortinet Critical Vulnerabilities - 20241010002
- Mozilla Firefox Critical Vulnerability - 20241010001
- Siemens Publishes ICS Advisory - 20241009004
- SAP Critical Vulnerability - 20241009003
- TeamViewer Publishes Important Updates - 20241009002
- Microsoft Releases Critical Security Updates - 20241009001
- GitLab Critical SAML Vulnerability - 20241008001
- Apple Releases Critical Updates - 20241007001
- CISA Releases New ICS Advisories and OT Guidance - 20241004002
- Microsoft Office Critical ZeroDay Vulnerability - 20241004001
- CISA Releases New ICS Advisories - 20241002001
- SolarWinds Critical Vulnerability - 20241001001
2024 September¶
- Progress WhatsUp Gold Critical Updates - 20240930002
- Common UNIX Printing System (CUPS) Critical Vulnerabilities - 20240930001
- CISA Releases New ICS Advisories - 20240927003
- GitLab Critical Vulnerability - 20240927002
- ASD Publishes Joint Advisory - 20240927001
- CISA Releases OT and ICS Security Advisory - 20240926002
- SQL-based Critical Vulnerabilities - 20240926001
- CISA Publishes New ICS Advisories - 20240925001
- GeoServer Critical Vulnerability - 20240924002
- Grafana Plugin SDK Information Leakage Vulnerabilty - 20240924001
- Broadcom VMware Critical Update - 20240919002
- ASD Publishes Joint Advisory on China Linked Botnet Operations - 20240919001
- CISA Releases New ICS Advisories - 20240918001
- CISA and Siemens Release New ICS Advisories - 20240913004
- GitLab Publishes Critical Update - 20240913003
- WordPress Plugin Critical Update - 20240913002
- SolarWinds Critical Update - 20240913001
- CISA Publishes ICS Advisory - 20240911003
- Ivanti Publishes Critical Security Updates - 20240911002
- Microsoft Publishes Critical Updates - 20240911001
- Veeam Releases Critical Updates - 20240909001
- Cisco Publishes Critical Update - 20240906003
- Microsoft Vulnerability Known Exploitation - 20240906002
- CISA Releases New Joint Advisory - 20240906001
- WinRAR Vulnerability Active Exploitation - 20240904002
- Ivanti Critical Vulnerability PoC Published - 20240904001
- CISA Releases New ICS Advisories - 20240903002
- Zabbix Server Critical Vulnerability - 20240903001
2024 August¶
- CISA Releases Joint Advisory on RansomHub Ransomware - 20240830001
- SonicWall Publishes Critical Updates - 20240827001
- Progress WhatsUp Gold Critical Update - 20240826002
- Chromium Vulnerability Known Exploitation - 20240826001
- CISA Releases New ICS Advisories - 20240823002
- SolarWinds Releases Critical Update - 20240823001
- Microsoft Publishes Critical CVE Advisory - 20240822002
- WordPress Plugins Critical Vulnerabilities- 20240822001
- WPS Office Releases Critical Update - 20240819002
- WordPress Plugin Critical Vulnerabilities - 20240819001
- CISA Releases New ICS Advisories - 20240816001
- SAP Releases Critical Updates - 20240814003
- SolarWinds Releases Critical Update - 20240814002
- Microsoft Discloses Multiple ZeroDay Vulnerabilities - 20240814001
- RunZero Demonstrates Numerous SSH Vulnerabilities - 20240813001
- Cisco Releases Critical Update - 20240809001
- CISA Releases New ICS Advisories - 20240802002
- Bitdefender Releases Critical Security Updates - 20240802001
- Multiple SMTP Servers Vulnerable to Spoofing Attacks - 20240801004
- Progress Software Releases Security Advisory - 20240801003
- CISA Releases New ICS Advisories - 20240801002
- CISA Releases Advisory Addressing DigiCert Certificate Revocations - 20240801001
2024 July
- Apple Releases Multiple Product Updates - 20240731004
- Langflow Privilege Escalation - 20240731002
- Cisco Critical RADIUS Protocol Vulnerability - 20240730002
- VMWare ESXi Active Exploitation Campaigns - 20240730001
- OpenStack Releases Critical Security Advisory - 20240729002
- Acronis Releases Critical Security Advisory - 20240729001
- ServiceNow Public Exploitation Campaigns - 20240726005
- CISA Publishes New ICS Advisories - 20240726004
- GitLab Releases Security Advisory - 20240726003
- Telerik Releases Security Advisory - 20240726002
- CISA Releases Joint Advisory for North Korean Cyber Espionage Activity - 20240726001
- Google Releases New Chrome Stable Version - 20240725003
- Docker Releases Critical Security Advisory - 20240725002
- ISC Releases Multiple BIND 9 Security Advisories - 20240725001
- CISA Publishes New ICS Advisories - 20240724003
- CISA Updates Known Exploited Catalog - 20240724001
- Okta Releases Browser Plugin Advisory - 20240723002
- AWS Security Advisory for Flaws in AWS Client VPN - 20240723001
- SonicWall Releases New Security Advisory - 20240722003
- Microsoft DSVM Proof of Concept Published - 20240722002
- IrfanView Plugin Vulnerability - 20240722001
- Oracle Publishes Quarterly Critical Patch Advisory - 20240719001
- SolarWinds Patches Critical Vulnerabilities - 20240718006
- Atlassian July 2024 Security Advisory - 20240718005
- Ivanti Releases New Security Advisories - 20240718004
- Cisco Releases New Security Advisories - 20240718003
- Chromium Browsers Release Updates - 20240718002
- CISA Adds items to known exploited catalog - 20240718001
- CISA Releases Critical Infrastructure Related Advisory - 20240717001
- GeoServer Critical Vulnerability Added to Known Exploited Catalog - 20240716001
- Junos OS Evolved: Privilege Escalation Vulnerability Resolved - 20240715001
- CISA Releases Multiple Critical Infrastructure Related Advisories - 20240712005
- LightTPD Critical Vulnerability - 20240712004
- PHP Vulnerability Active Exploitation - 20240712003
- GitLab Critical Advisory - 20240712002
- Palo Alto Expedition - Admin Account Takeover Vulnerability - 20240712001
- Citrix Updates Multiple Products - 20240710005
- Adobe Updates Multiple Products - 20240710004
- CISA Releases APT40 Advisory - 20240710003
- Microsoft Azure Network Watcher VM Vulnerability - 20240710002
- Windows Vulnerabilities Added to CISA Known Exploited Catalog - 20240710001
- Synology Camera Advisory - 20240709002
- Cisco Affected by OpenSSH Vulnerability - 20240709001
- Apache HTTP Server Critical Source Code Disclosure Vulnerability - 20240708001
- Splunk RCE Advisory - 20240705001
- GeoServer Urgent Advisory - 20240704002
- Juniper Security Advisory - 20240704001
- CISA Releases New ICS Advisories - 20240703002
- Apache Security Advisory - 20240703001
- LibreOffice Patches Critical Vulnerability in LibreOfficeKit - 20240702003
- Cisco NX-OS Software CLI Command Injection Vulnerability - 20240702002
- OpenSSH Critical Advisory - 20240702001
- Oracle WebLogic Server Exploitation - 20240701004
- Rockwell Urgent Advisory - 20240701003
- HubSpot Investigating Potential Breach - 20240701002
- Juniper Releases Urgent Advisory - 20240701001
2024 June
- CISA Releases Multiple Critical Infrastructure Related Advisories - 20240628002
- GitLab Vulnerabilities June 2024 - 20240628001
- Windows Kernel Elevation of Privilege PoC Released - 20240627001
- JavaScript Polyfill Supply Chain Attack - 20240626004
- WordPress Plugin Vulnerabilities - 20240626003
- Windows Bluetooth Service Exploit PoC Published - 20240626002
- VMware ESXi and vCenter Server multiple vulnerabilities - 20240626001
- Linux Kernel ICMPv6 Router RCE Vulnerability - 20240624001
- Chromium OSS Vulnerabilities - 20240621001
- Deep Java Library Critical Vulnerability - 20240619003
- VMWare Multiple Vulnerabilities - 20240619002
- Tenable NNM Vulnerability - 20240619001
- Dropbox Desktop Mark-of-the-Web Bypass Vulnerability - 20240617002
- CISA Adds items to Known Exploited Catalog - 20240617001
- Ivanti EPM SQL Injection Remote Code Execution Vulnerability - 20240614001
- Adobe Updates Multiple Products - 20240613004
- Mozilla Products Multiple Vulnerabilities - 20240613003
- Apple Exploitation PoC Published - 20240613002
- Google Chrome Security Updates - 20240613001
- Fortinet Releases Security Updates for FortiOS - 20240612002
- Microsoft June 2024 Patch Fixes Critical RCE Vulnerability - 20240612001
- SolarWinds Product Advisories - 20240611004
- ARM Mali GPU vulnerability active exploitation - 20240611003
- Veeam Exploitation PoC Published - 20240611002
- Microsoft SharePoint Server Information Disclosure Vulnerability - 20240611001
- Proof of Concept Published for PHP (Windows) Vulnerability - 20240610001
- Apache RocketMQ Active Exploitation Campaign - 20240607002
- Critical Vulnerability in WordPress Plugin - 20240607001
- Google Cloud Platform (GCP) Privilege Escalation Vulnerability - 20240606001
- macOS Root Access Exploit Published - 20240605002
- MySQL2 Vulnerability - 20240605001
- SnowFlake Cyber Threat Activity Targeting Customer Accounts - 20240604004
- NGINX HTTP/3 Vulnerability Patches Released - 20240604003
- Google Chrome Arbitrary Code Execution Multiple Vulnerabilities - 20240604002
- Known Exploited Oracle WebLogic Server Injection Vulnerability - 20240604001
2024 May
- Linux Kernal Vulnerability added to CISA Known Exploited Catalog - 20240531001
- Check Point Remote Access VPN Vulnerability - 20240530002
- FortiSIEM Proof Of Concept Published - 20240530001
- Windows 10 PLUGScheduler Elevation of Privilege Vulnerability - 20240529001
- GNOME Remote Desktop Vulnerability - 20240527004
- Ivanti Endpoint Manager SQL Injection RCE Vulnerability - 20240527003
- May 2024 Cisco ASA, FMC, and FTD Software Security Advisory - 20240527002
- Google Patches Chrome Zero Day Vulnerability - 20240527001
- Cisco FMC Vulnerability - 20240524003
- GitLab Account Takeover Vulnerability - 20240524002
- WinRAR Text Vulnerability - 20240524001
- Atlassian Patches RCE Flaw in Confluence Data Center and Server - 20240523004
- Ivanti EPMM Vulnerability - 20240523002
- Broadcom Security Advisory Addresses Multiple VMware Vulnerabilities - 20240523001
- Critical Veeam Backup Enterprise Manager Vulnerability - 20240522003
- 'All in One SEO' WordPress plugin vulnerability - 20240522002
- PDF.js Code Execution Vulnerability - 20240522001
- Amazon Redshift JDBC Driver SQLi Vulnerability - 20240520002
- Zabbix SQLi Vulnerability - 20240520001
- Git Patches Critical RCE Vulnerabilities - 20240517005
- Google Chrome Arbitrary Code Execution Vulnerabilities - 20240517004
- CISA Releases Seventeen Industrial Control Systems Advisories - 20240517003
- Cisco Releases Security Updates for Multiple Products - 20240517002
- D-Link Known Exploited Vulnerabilities - 20240517001
- Cacti Command Injection and XSS Vulnerabilities - 20240516004
- SAP Critical Vulnerability Exposes Systems to Complete Takeover - 20240516003
- SolarWinds ARM Vulnerabilities - 20240516002
- HPE Aruba Networking Multiple Critical Vulnerabilities - 20240516001
- Windows Zero-Day Vulnerability Exploited To Deliver QakBot Malware - 20240515005
- Adobe Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515004
- Mozilla Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515003
- Microsoft Releases May 2024 Security Updates - 20240515002
- Apple Security Updates for Multiple Products - 20240515001
- SonicWall GMS Virtual Appliance Windows Multiple Vulnerabilities - 20240514003
- Android Security Advisory May 2024 - 20240514002
- Chromium Visuals Updates - 20240514001
- Oracle VM VirtualBox Vulnerability - 20240513004
- Microsoft Edge (Chromium-based) Spoofing Vulnerability - 20240513003
- Next.js Vulnerabilities - 20240513002
- New Chrome Zero-Day Vulnerability Under Active Exploitation - 20240516005
- Trend Micro Patches Multiple Vulnerability - 20240510005
- eDrawings Viewer DXF File Parsing RCE Vulnerability - 202405010004
- Deno Privilege Escalation - 20240510002
- F5 Security Advisory Addresses Multiple Vulnerabilities - 20240510001
- TunnelVision Vulnerability of VPN Traffic via DHCP Manipulation - 20240510003
- Google Chrome Arbitrary Code Execution Multiple Vulnerabilities - 20240509001
- Oracle WebLogic Server High Severity Vulnerability - 20240508004
- Mozilla PDF.js Arbitrary Code Execution Vulnerability - 20240508003
- Adobe Acrobat Updates May 2024 For Windows And MacOS - 20240508002
- Google Android Security Advisory May 2024 - 20240508001
- Xiaomi Android Devices Multiple Vulnerabilities Across Apps and System Components - 20240507002
- D-Link DIR-645 Router added to CISA Known Exploited Catalog - 20240507001
- WordPress Multiple Plugins Stored Cross-Site Scripting Vulnerability - 20240506001
- North Korean Threat Actor Email Policy Exploitation - 20240503004
- Acrobat Reader Vulnerability - 20240503003
- Cisco IP Phones Vulnerability - 20240503002
- Apache ActiveMQ Vulnerability - 20240503001
- HPE Aruba Network Products Critical RCE Vulnerabilities - 20240502001
- Foxit PDF Reader Vulnerabilities - 20240501003
- Zscaler Client Connector Vulnerability - 20240501002
- Microsoft SmartScreen Prompt Security Vulnerability - 20240501001
2024 April
- R Programming Language Vulnerability - 20240430003
- Network Attached Storage (NAS) Vulnerability - 20240430002
- CrushFTP systems vulnerability - 20240430001
- Delinea Secret Server Authentication Bypass Vulnerability - 20240429003
- WordPress Automatic plugin vulnerability - 20240429002
- Windows Kernel Elevation of Privilege Vulnerability - 20240429001
- Progress Software Telerik Reporting ObjectReader Vulnerability - 20240426003
- GitLab Critical Security Update - 20240426002
- ArcaneDoor Exploiting Cisco ASA Vulnerabilities - 20240426001
- Microsoft pulls fix for Outlook bug behind ICS security alerts - 20240424003
- Windows DOS-to-NT Path Conversion Process Exploited - 20240424002
- Microsoft Exchange Server Remote Code Execution Vulnerability - 20240424001
- Windows Print Spooler Elevation of Privilege Vulnerability - 20240423002
- VirtualBox Privilege Escalation Vulnerability - 20240423001
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - 20240422002
- HashiCorp Vulnerability in go-getter Library - 20240422001
- Libreswan Popular VPN Software Vulnerability - 20240419004
- Critical PuTTY Vulnerability Exposes Private Keys - 20240419003
- Oracle Critical Patch Update for April 2024 - 20240419002
- Cisco Patches Vulnerabilities in Integrated Management Controller - 20240419001
- Ivanti Avalanche Multiple RCE Vulnerabilities - 20240418004
- Botnets Swarm Exploited in TP-Link Archer Routers - 20240418003
- Google Chrome Multiple RCE Vulnerabilities - 20240418002
- Microsoft QUIC Denial of Service Vulnerability - 20240417002
- Multiple Vulnerabilities in Mozilla Products - 20240417001
- Critical Rust Standard Library Vulnerability - 20240416004
- Google Chrome V8 Enum Cache Out-Of-Bounds Read RCE Vulnerability - 20240416003
- SAP Security Advisory April 2024 - 20240416002
- Node.js Security Patch for Critical Vulnerability - 20240416001
- Juniper Security Updates for Multiple Products - 20240415003
- Bitdefender Critical Vulnerabilities in GravityZone and Endpoint Security - 20240415002
- Palo Alto Networks PAN-OS Command Injection Vulnerability - 20240415001
- Chrome Security Update - 20240412001
- Adobe Releases Security Updates for Multiple Products - 20240410004
- Microsoft Releases April Security Updates - 20240410003
- Fortinet Releases Security Updates for Multiple Products - 20240410002
- D-Link Critical Vulnerability - 20240410001
- Podman Buildah Vulnerability - 20240408004
- Google Releases Patches for Pixel Zero-Days - 20240408003
- Cisco Vulnerability in Discontinued Small Business Routers - 20240408002
- PGAdmin Remote Code Execution Vulnerability - 20240408001
- Apache HTTP Server Triple Vulnerabilities - 20240405003
- Microsoft Edge Spoofing Vulnerability - 20240405002
- Ivanti Security Update for Connect Secure and Policy Secure Gateways - 20240405001
- VMware SD-WAN Edge and SD-WAN Orchestrator Multiple Security Updates - 20240404001
- JetBrains TeamCity Cross-Site Scripting Vulnerability - 20240402006
- Linux Kernel Vulnerability - 20240402005
- WallEscape util-Linux Vulnerability - 20240402004
- GitLab Stored XSS Vulnerability - 20240402003
- Supply Chain Compromise Affecting XZ Utils Data Compression Library - 20240402002
- Cisco Security Updates for Multiple Products - 20240402001
2024 March
- Chrome Zero Days - 20240328002
- Apple Released Security Updates for Safari and macOS - 20240328001
- Firefox Patches Critical Zero-Day Vulnerabilities - 20240327003
- Apache Tomcat Denial of Service Vulnerabilities - 20240327002
- CISA Releases Multiple Critical Infrastructure Related Advisories - 20240327001
- Microsoft Edge Chromium based Security Feature Bypass Vulnerability - 20240326003
- Microsoft Edge Chromium based Security Feature Bypass Vulnerability - 20240326003
- .NET Framework Information Disclosure Vulnerability - 20240326002
- Ivanti Endpoint Manager Code Injection Vulnerability - 20240326001
- Advantech WebAccess/SCADA SQL Injection Vulnerability - 20240322003
- Ivanti Neurons for ITSM and Standalone Sentry Security Updates - 20240322002
- Chrome Security Update - 20240322001
- Xbox Gaming Services Elevation of Privilege Vulnerability - 20240321002
- Mozilla Security Updates For Multiple Products - 20240320001
- WordPress miniOrange Plugins Critical Vulnerability - 20240319002
- Directory Traversal PoC in FileCatalyst Workflow - 20240319001
- WordPress Plugin File Manager and File Manager Pro Critical Vulnerability- 20240318004
- Fortinet Critical SQLi Vulnerability in FortiClientEMS Software - 20240318003
- Akamai Kubernetes Vulnerability - 20240318002
- Arcserve UDP Software Critical Vulnerabilities - 20240318001
- CISA Releases Fifteen Industrial Control Systems Advisories - 20240315003
- Cisco Security Updates for IOS XR Software - 20240315001
- DNSSEC Verification Complexity Vulnerability - 20240313004
- Adobe Releases Security Updates for Multiple Products - 20240313003
- Fortinet Releases Security Updates for Multiple Products - 20240313002
- Microsoft Releases Security Updates for Multiple Products - 20240313001
- Word Press Plugin 3DPrint Lite Critical Vulnerability - 20240311003
- Fortinet FortiOS Critical Vulnerability - 20240311002
- Apple Multiple Products Security Advisory - 20240311001
- Veritas NetBackup Server and Client RCE Vulnerability - 20240308005
- Android security advisory -- March 2024 Monthly Rollup (AV24-119)- 20240308004
- Windows Themes Spoofing Vulnerability - 20240308003
- Microsoft Edge for Android Spoofing Vulnerability - 20240308002
- Cisco Releases Security Advisories for Multiple Products - 20240308001
- VMware Releases Security Advisory for Multiple Products - 20240307002
- Known Exploited Apple iOS and iPad Zeroday Vulnerabilities - 20240307001
- Android Pixel Vulnerability added to CISA Known Exploited Catalog - 20240306001
- JetBrains TeamCity Vulnerability Added to CISAs Known Exploited Catalog - 20240305003
- Adobe Acrobat Reader Multiple Vulnerabilities - 20240305002
- Cisco Patches NX-OS DoS Vulnerabilities - 20240305001
2024 February
- Linux Kernel Code Execution Vulnerability - 20240226003
- Junos OS RCE Vulnerability - 20240226002
- Microsoft Edge Spoofing and Information Disclosure Vulnerabilities - 20240226001
- Zero-Click Apple Shortcuts Vulnerability - 20240223002
- Critical Vulnerability in Progress Kemp products - 20240223001
- Mozilla Releases Security Updates for Firefox and Thunderbird - 20240222001
- CISA Adds ConnectWise ScreenConnect Known Exploited Vulnerability - 20240221004
- Apache Dolphinscheduler RCE Vulnerability - 20240221003
- Zyxel security advisory for multiple vulnerabilities in firewalls and APs - 20240221002
- Critical Vulnerability in Deprecated VMware EAP - 20240221001
- WordPress's Bricks Builder RCE Flaw - 20240220001
- Guidance following nation state attack on Microsoft - 20240219002
- SolarWinds Releases Patches for Vulnerabilities - 20240219001
- SolarWinds Releases Patches for Access Rights Manager vulnerabilities - 20240219001
- Cisco ASA and FTD Information Disclosure Vulnerability - 20240216001
- Zoom Critical Security Updates - 20240215001
- Adobe Releases Security Updates for Multiple Products - 20240214003
- Microsoft Releases Security Updates for Multiple Products - 20240214002
- Privilege Escalation for Ivanti Connect Secure and Ivanti Policy Secure - 20240214001
- Roundcube Webmail added to CISA Known Exploited Catalog - 20240213001
- Microsoft Streaming Service Vulnerability Exploited - 20240212001
- Google Chrome Security Updates - 20240209003
- Fortinet Multiple RCE Vulnerabilities Exploited - 20240209002
- Ivanti Critical Patch for Multiple Products - 20240209001
- Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities - 20240208003
- VMware Releases Security Advisory for Aria Operations for Networks - 20240208002
- Shim Bootloader RCE Vulnerability - 20240208002
- VMware Releases Security Advisory for Aria Operations for Networks - 20240208001
- FortiSIEM - Citical Command Injection Vulnerabilities - 20240207003
- Critical Android Security Advisory - 20240207002
- CISA Adds One Known Exploited Vulnerability to Catalog - 20240207001
- Google Chrome Security Updates - 20240205002
- Juniper Networks Security Advisory - 20240205001
- Microsoft Edge Security Updates - 20240202003
- Docker Container Runtime Component Vulnerabilities - 20240202002
- CISA Known Exploited Catalog - 20240202001
- CISA Added Known Exploited Vulnerabilities to Catalog - 20240201001
2024 January
- Microsoft Security Updates - 20240131003
- New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - 20240131002
- Updated Mitigations to Defend Against Exploitation of Ivanti services - 20240131002
- CISA Releases Critical Infrastructure Related Advisories - 20240131001
- Atlassian Confluence Data Center Known Exploited Vulnerabilities - 20240130002
- Juniper Networks Security Advisory - 20240130001
- GitLab Critical Security Advisory - 20240129002
- GitLab Arbitrary File Write Vulnerability - 20240129002
- Microsoft Edge Elevation of Privilege Vulnerability - 20240129001
- Cisco Critical Advisory - 20240125002
- Mozilla Releases Security Updates for Thunderbird and Firefox - 20240125001
- CISA Releases Critical Infrastructure Related Advisories - 20240124003
- Frontra GoAnywhere MFT Authentication Bypass Vulnerability - 20240124002
- Splunk Enterprise Patches High-Severity Vulnerability - 20240124001
- Apple Curl Overflow added to CISA Known Exploited Catalog - 20240123002
- VMWare added to CISA Known Exploited Catalog - 20240123001
- CISA Issues Emergency Directive on Ivanti Vulnerabilities - 20240122002
- Trend Micro Deep Security Local Privilege Escalation Vulnerabilities - 20240122001
- Ivanti EPMM and MobileIron Core added to CISA Known Exploited Catalog - 20240119003
- Drupal Releases Patch for DOS Vulnerability - 20240119002
- Oracle Critical Patch Update Advisory - January 2024 - 20240119001
- Citrix Critical Security Advisory - 20240117006
- Paessler patches PRTG zero-day vulnerability - 20240117005
- VMWare Critical Security Advisory - 20240117004
- Google Chrome Zero-Day Vulnerability Patch - 20240117003
- Confluence Data Center and Confluence Server RCE Vulnerability - 20240117002
- Laravel added to CISA Known Exploited Vulnerability Catalog - 20240117001
- SonicWall next-generation firewalls (NGFW) publicly exploitable. - 20240116001
- GitLab Critical Security Advisory - 20240115002
- Blog details Microsoft Visual Studio PoC Exploit - 20240115001
- Juniper Security Bulletin for Junos OS and Junos OS Evolved - 20240112002
- CISA Releases Critical Infrastructure Related Advisories - 20240112001
- Microsoft SharePoint Server Privilege Escalation Vulnerability - 20240111003
- Cisco Unity Connection Security Advisory - 20240111002
- Ivanti Multiple Vulnerabilities Added in CISA Known Exploits List - 20240111001
- CISA Updates Known Exploited Vulnerabilities Catalog - 20240109002
- Ivanti Endpoint Manager Critical Vulnerability - 20240109001
- SSH Servers Vulnerable to New Terrapin Attacks - 20240105002
- CISA adds two known exploited vulnerabilities to catalogue - 20240105001
- Juniper Releases Security Advisory for Juniper Secure Analytics - 20240103002
- Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - 20240103001
2023 December
- Barracuda ESG Appliance Vulnerability - 20231228001
- Google Chrome Critical Security Updates - 20231221003
- Mozilla Releases Security Updates for Firefox and Thunderbird - 20231221002
- Apple Releases Security Updates for Multiple Products - 20231221001
- Cisco Remote VPN vulnerability - 20231220002
- CISA Releases Critical Infrastructure Related Advisories - 20231220001
- MongoDB Compromise - 20231218004
- CISA Releases Critical Infrastructure Related Advisories - 20231218003
- Fortinet Security Updates for Multiple Products - 20231218002
- Windows MSHTML Platform Remote Code Execution Vulnerability - 20231218001
- Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally - 20231214002
- Cisco Addresses Apache Struts 2 Critical RCE Vulnerability - 20231214001
- Adobe Releases Security Updates for Multiple Products - 20231213004
- Apple Releases Security Updates for Multiple Products - 20231213003
- Microsoft Releases Security Updates for Multiple Products - 20231213002
- Apache Struts 2 Critical RCE Vulnerability - 20231213001
- Mobile Device Unauthenticated Bluetooth Keystroke-Injection - 20231212001
- LogoFAIL attack can install UEFI bootkits through bootup logos - 20231208003
- CISA Publish Joint Advisory on Cyber Actors Exploiting Adobe ColdFusion - 20231208002
- CISA Releases Critical Infrastructure Related Advisory Affecting Multiple Sectors - 20231208001
- Atlassian releases fixes for RCE vulnerabilities in multiple products - 20231207001
- Known Exploited Vulnerability in Adobe ColdFusion - 20231206002
- Qualcomm Multiple Chipsets added to CISA Known Exploited Catalog - 20231206001
- Google Chrome Critical Security Updates - 20231205001
- CISA Publish Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs - 20231204002
- Apple Releases Security Updates for Multiple Products - 20231204001
- Known Exploited Vulnerability in Google Skia Integer Overflow - 20231201001
2023 November
- Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin - 20231129003
- Several Critical Vulnerabilities associated with ownCloud - 20231129002
- CISA Releases Multiple Critical Infrastructure Related Advisories - 20231129001
- Adobe Releases Security Updates for ColdFusion - 20231124002
- Mozilla Releases Security Updates for Firefox and Thunderbird - 20231124001
- Mozilla Releases Multiple Security Updates - 20231123002
- LockBit 3.0 affiliates exploiting Citrix Bleed added to CISA #StopRansomware Catalog - 20231123001
- Known Exploited Vulnerability - GNU C Library Dynamic Loader - 20231122002
- Juniper Addresses Multiple Vulnerabilities in Secure Analytics - 20231122001
- Sophos Web Appliance Command Injection Vulnerability - 20231117002
- Oracle Fusion Middleware PHP Remote File Inclusion Vulnerability - 20231117001
- Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability - 20231116001
- Fortinet Releases Security Updates for FortiClient and FortiGate - 20231115005
- CISA Adds Three Known Exploited Vulnerabilities to Catalog - 20231115004
- Microsoft Releases October 2023 Security Updates - 20231115003
- VMware Security Update for Cloud Director Appliance - 20231115002
- Citrix Bleed ACT NOW - Ensure Citrix ADC & Netscaler have mitigations applied OR are taken offline - 20231115001
- Juniper Junos OS EX / SRX vulnerabilities - 20231114002
- SysAid Server Path Traversal Known Exploited vulnerability - 20231114001
- Sumo Logic Discovered Evidence of a Potential Security Incident - 20231109002
- Service Location Protocol (SLP) Denial-of-Service Vulnerability - 20231109001
- Known Exploited Vulnerability - Service Location Protocol (SLP) Denial-of-Service - 20231109001
- Atlassian Confluence Data Center and Server Improper Authorization Vulnerability - 20231108001
- New Microsoft Exchange zero-days allow RCE, data theft attacks - 20231106002
- Cisco Releases Security Advisories for Multiple Products - 20231106001
- Mass exploitation of CitrixBleed vulnerability - 20231102002
- Apache ActiveMQ Unauthenticated RCE via Deserialization - 20231102001
- Improper Authorization Vulnerability In Confluence Data Center and Server - 20231101002
- BIG-IP Configuration utility authenticated SQL injection - 20231101001
2023 October
- VMware Tools Local Privilege Escalation and SAML Token Signature Bypass Vulnerabilities - 20231031001
- Apple Releases Security Advisories for Multiple Products - 20231027005
- Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004
- BIG-IP Configuration utility unauthenticated RCE - 20231027003
- Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability - 20231027001
- Mozilla Releases Security Advisories for Multiple Products - 20231026002
- VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities - 20231026001
- Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities - 20231025001
- Three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product - 20231023005
- Oracle Critical Patch Update Advisory - 20231023004
- Juniper Junos OS authentication backdoor - 20231023003
- BIG-IP in Appliance Mode Configuration utility vulnerability - 20231023002
- Apache HTTP Server vulnerabilities fixed in latest update - 20231023001
- Cisco IOS and IOS XE HTTP WebUI - 20231018001
- Fortinet Releases Security Updates for Multiple Products - 20231013001
- Citrix Releases Security Updates for Multiple Products - 20231012003
- Increased Business Email Compromise (BEC) Activity - 20231012002
- Guidance on OSS in IT/ICS Environments - 20231012001
- Microsoft WordPad Information Disclosure Vulnerability - 20231011005
- Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability - 20231011004
- Microsoft Skype for Business Privilege Escalation Vulnerability - 20231011003
- Adobe Acrobat and Reader Use-After-Free Vulnerability - 20231011002
- Hypertext Transfer Protocol version 2 (HTTP/2) Rapid Reset Vulnerability - 20231011001
- Juniper Announce RCE Chain Vulnerability Variation - 20231009002
- Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009001
- WS_FTP Server Critical Vulnerabilities - 20231006002
- Known Exploited Vulnerability - Atlassian Patches Critical Confluence Zero-Day - 20231006001
- UPDATE: Exim MTA Disclose Additional Vulnerabilities - 20231004003
- Known Exploited Vulnerability - Arm Mali GPU Kernel Driver Use-After-Free - 20231004002
- Known Exploit Vulnerability - Google Chrome libvpx Heap Buffer Overflow - 20231004001
- Cisco Releases Advisories for Multiple Products - 20231002007
- Microsoft Sharepoint Server 19 Authentication Bypass PoC - 20231002006
- Known Exploited Vulnerability - Red Hat JBoss RichFaces Framework Expression Language Injection - 20231002005
- (Zero Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability - 20231002004
- Actively Exploited Chrome Zero-Day Patch Released - 20231002003
- Apple Releases Security Updates for Multiple Products - 20231002002
- Cloudflare DDoS protection bypass vulnerability - 20231002001
2023 September
- NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors - 20230928002
- Mozilla Releases Advisories for Multiple Products - 20230928001
- ISC Releases Security Advisories for BIND 9 - 20230926003
- Atlassian Addresses Vulnerabilities for Multiple Products - 20230926002
- Tenable Discloses an Authentication Bypass Vulnerability in D-Link D-View 8 - 20230926001
- Increase in QR Code Phishing (Quishing)- 20230922003
- Drupal Core Cache Poisoning - 20230922002
- Known Exploited Vulnerability - Apple Releases Multiple Emergency Security Patches - 20230922001
- Trend Micro Patches Apex One Critical 3rd Party Vulnerability - 20230921002
- FBI and CISA Release Advisory on Snatch Ransomware - 20230921001
- Known Exploited Vulnerability - Laravel Ignition Remote Code Execution - 20230919003
- Samsung Mobile Devices Use-After-Free Vulnerability - 20230919002
- Fortinet Releases Security Updates for Multiple Products - 20230919001
- Chromium WebP Heap-Based Buffer Overflow Critical Vulnerability - 20230918001
- Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability - 20230915001
- Google Chrome Heap-Based Buffer Overflow Vulnerability added to CISA Known Exploited Catalog - 20230914003
- Cisco Unauthorized Access Vulnerability added to CISA Known Exploited Catalog - 20230914002
- Android Privilege Escalation Vulnerability added to CISA Known Exploited Catalog - 20230914001
- Microsoft's September 2023 Patch Tuesday and fixes for two zero-day exploits - 20230913001
- Apple Addresses Zero-Day Exploits for Multiple Products - 20230908003
- Cisco BroadWorks impacted by critical authentication bypass flaw - 20230908002
- Multiple Nation-State Threat Actors Exploit ManageEngine (CVE-2022-47966) and FortiOS (CVE-2022-42475) - 20230908001
- Apache RocketMQ Command Execution Vulnerability - 20230907001
- Infamous Chisel: Mobile Device (Android) Malware Analysis Report - 20230905004
- Apache Tomcat Contains an Open Redirect Vulnerability - 20230905003
- Mozilla Releases Multiple Security Updates for Firefox ESR - 20230905002
- Spring-Kafka Contains a Java Deserialization Vulnerability When Improperly Configured - 20230905001
- CISA Releases IOCs Associated with Malicious Barracuda Activity - 20230901003
- CISA and FBI Publish Joint Advisory on QakBot Infrastructure - 20230901002
- VMware Releases Security Updates for Aria Operations for Networks - 20230901001
2023 August
- Ignite Realtime Openfire Path Traversal Vulnerability added to CISA Known Exploited Catalog - 20230829002
- RARLAB WinRAR Code Execution Vulnerability added to CISA Known Exploited Catalog - 20230829001
- Citrix Products NetScaler ADC and NetScaler Gateway Zero Day Vulnerability - 20230822004
- Ivanti Sentry Administrator Interface API Authentication Bypass - 20230822003
- Cisco Releases Security Advisories for Multiple Products - 20230822002
- Adobe ColdFusion Vulnerability Added to CISA Known Exploited Catalog - 20230822001
- Atlassian-Releases-Security-Update-for-Confluence-Server-and-Data-Center - 20230821001
- Citrix Content Collaboration ShareFile Improper Access Control Vulnerability - 20230818002
- Citrix Content Collaboration ShareFile Improper Access Control Vulnerability - 20230818001
- Sophisticated network attacks and guidance for agencies - 20230816001
- SAP Releases Security Updates for August - 20230815002
- AMD CPU vulnerable to Inception data-leak attacks - 20230815002
- Microsoft .NET Core and Visual Studio Denial of Service Vulnerability - 20230810002
- Downfall and Zenbleed - Modern Processor Attacks - 20230810001
- Secure Cloud Business Applications (SCuBA) Project - 20230809004
- Microsoft Releases Security Updates for Multiple Products - 20230809003
- FortiOS update for buffer overflow vulnerability - 20230809002
- Adobe Releases Important Security Updates For Multiple Products - 20230809001
- Zyxel P660HN-T1A Routers Command Injection Vulnerability - 20230808001
- Mozilla Releases Security Updates for Firefox, Firefox ESR and Thunderbird - 202308001
- CISA Releases IDOR Vulnerability joint Advisory - 20230801001
- Malware Analysis Reports on Barracuda Backdoors - 20230801001
2023 July
- Compromised Microsoft Key - 20230728001
- Unpatched Zyxel Devices are Being Roped Into DDoS Botnets - 20230727003
- Apple Releases Security Updates for Multiple Products - 20230726002
- Zenbleed - AMD Zen2 processors vulnerable to sensitive data leak (CVE-2023-20593)
- Vulnerability in Ivanti Endpoint Manager Mobile (EPMM) - 20230725001
- Vulnerabilities in OpenSSH before 9.3p2 - 20230724002
- On-prem Atlassian Stacks are vulnerable - 20230724001
- Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells - 20230721002
- Adobe ColdFusion Improper Access Control Vulnerability - 20230721001
- An Out-of-Cycle Security Bulletin: Junos OS and Junos OS Evolved - 20230720004
- Adobe Releases Security Updates for ColdFusion - 20230720003
- Oracle Releases Security Updates - 20230720002
- Citrix Releases Security Updates for NetScaler ADC and Gateway - 20230720001
- Citrix Releases Security Updates for NetScaler ADC and Gateway - 20230719001
- Apple security releases - 20230717005
- Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability - 20230717004
- Adobe Product Security Incident Response Team - 20230717003
- Security Update for Zimbra Collaboration Suite Version 8.8.15 - 20230717002
- Microsoft TI Report for Storm-0987 - 20230717001
- ManageEngine ADAudit Plus Advisory - 20230714003
- BD Alaris System with Guardrails Suite MX - 20230714002
- SolarView Compact Command Injection Vulnerability - 20230714001
- Joint Cybersecurity Advisory (CSA) - 20230713001
- Microsoft Releases Security Updates for Multiple Products - 20230712003
- FortiOS and FortiProxy Critical Vulnerability Patch Released - 20230712002
- Adobe Releases Security Updates for ColdFusion and InDesign - 20230712001
- Android Security Bulletin - 20230711001
- Increase-in-QR-Code-Phishing-Technique - 20230710003
- Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability - 20230710002
- Linux kernel 6.1-6.4 "Stack Rot" Kernel Privilege Escalation- 20230710001
- Mozilla-Security-Advisories - 202307002
- Newly Identified Truebot Malware Variants - 20230707001
- Samsung Mobile Devices Unspecified Vulnerability - 20230703005
- Samsung Mobile Devices Unspecified Vulnerability - 20230703005
- Samsung Mobile Devices Race Condition Vulnerability - 20230703004
- Samsung Mobile Devices Race Condition Vulnerability - 20230703003
- Samsung Mobile Devices Improper Input Validation Vulnerability - 20230703002
- Samsung Mobile Devices Out-of-Bounds Read Vulnerability - 20230703001
2023 June
- D-Link DWL-2600AP Access Point Command Injection Vulnerability - 20230630006
- Defending Continuous Integration/Continuous Delivery (CI/CD) Environments - 20230630005
- D-Link DIR-859 Router Command Execution Vulnerability - 20230630005
- Medtronic Paceart Optima System - 20230630004
- Microsoft Teams Vulnerability Allows External Sources to Send Files to Employees - 20230630003
- Harden Systems Against BlackLotus Bootkit Malware - 20230630-002
- iPhone bugs abused in spyware attacks - 20230630001
- Apple Releases Security Updates for Multiple Products - 20230627004
- ISC Releases Security Advisories for Multiple Versions of BIND 9 - 20230627003
- Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved - 20230627002
- VMware Releases Security Updates for for vCenter Server and Cloud Foundation - 20230627001
- Ivanti Endpoint Manager Vulnerability - 20230626003
- Firefox SVG Animation Remote Code Execution - 20230626002
- Microsoft Win32k Privilege Escalation Vulnerability - 20230626001
- VMware Aria Operations for Networks Command Injection Vulnerability - 20230623002
- Roundcube Webmail Active Exploits - 20230623002
- Western Digital 'My Cloud' Remote Code Execution - 20230623001
- ASUS Urges Customers To Patch Critical Router Vulnerabilities - 20230622001
- FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication - 20230620004
- SAP High-Severity Vulnerabilities June 2023 - 20230620003
- WooCommerce Stripe Gateway WordPress Vulnerability - 20230620001
- Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers UPDATE - 20230619001
- Update: MOVEit Transfer Critical Vulnerability - 20230616002
- Barracuda Networks Releases Update to Address ESG Vulnerability - 20230616001
- Understanding Ransomware Threat Actors: LockBit - 20230615003
- Understanding Ransomware Threat Actors: LockBit - 20230615003
- CISCO Releases Security Advisories for Multiple Products - 20230615001
- SEO poisoning targeting public sector (Gootloader) Advisory - 20230615002
- Mitigating Risk from Internet-Exposed Management Interfaces - 20230615001
- Microsoft Releases June 2023 Security Updates - 20230614002
- Fortinet Releases June 2023 Vulnerability Advisories - 20230613002
- Adobe Releases Security Updates for Multiple Products - 20230613001
- Barracuda Email Security Gateway (ESG) Vulnerability Update - 20230612002
- Fortinet fixes critical RCE in Fortigate SSL-VPN devices - 20230612001
- Mozilla Releases Security Updates for Firefox Products - 20230609003
- CL0P Ransomware Campaign - 20230609002
- VMware Releases Security Update for Aria Operations for Networks - 20230609001
- Google Chrome Vulnerability - 20230607001
- HID Global SAFE Vulnerability - 20230302002
- MOVEit Transfer Critical Vulnerability - 20230602001
2023 May
- Lazarus Group Targeting Windows IIS Web Servers - 20230531003
- Advantech WebAccess/SCADA Vulnerability - 20230531002
- Mirai Variant Targeting Multiple IoT Devices - 20230531001
- WordPress Plugin 'Beautiful Cookie Consent Banner' Under Active Exploitation - 20230529002
- Barracuda Security Gateway appliance vulnerability - 20230529001
- Detection Guidance for Volt Typhoon - 20230525001
- CISA Industrial Control Systems Advisories, May 23 - 20230524001
- Three Known Exploited Apple Vulnerabilities - 20230523001
- Hunting Russian Intelligence “Snake” Malware | CISA - 20230522001
- CISA Industrial Control Systems Advisories, May 16 - 20230517001
- CISA Industrial Control Systems Advisories - 20230512001
- TechnologyOne investigates 'cyber incident' on M365 system - 20230510004
- cPanel Exploit Vulnerability - 20230510003
- Win32k Elevation of Privilege Vulnerability - 20230510002
- Microsoft has Released Security Updates for May 2023 - 20230510001
- Artificial Intelligence Usage in the Western Australian Government - 20230509001
- ALPHV (aka BlackCat) Ransomware Activity - 20230503001
- Apache Log4j2 Deserialization of Untrusted Data Vulnerability - 20230502002
- Oracle WebLogic Server Unspecified Vulnerability - 20230502001
- VMware Workstation and Fusion updates address multiple security vulnerabilities - 20230501007
- EDR Bypass Technique 'Aukill' - 20230501006
- Oracle Critical Patch Update Advisory - April 2023 20230501005
- Oracle Critical Patch Update Advisory - April 2023 20230501005
- Zyxel OS Command Injection Vulnerability - 20230501004
- Cisco Industrial Network Director Vulnerabilities - 20230501003
- Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability - 20230501002
- Apache Superset Vulnerability Exposes Servers to RCE Attacks - 20230501001
2023 April
- ICSMA-23-117-01 Illumina Universal Copy Service - 20230428001
- Service Location Protocol (SLP) Abuse May Lead to DoS Attack - 20230427001
- SolarWinds Platform Command Injection Vulnerability - 20230426009
- Multiple VMware Aria Operations for Logs Vulnerabilities - 20230426008
- Drupal Releases Security Advisory for Bypass Vulnerability in Drupal Core - 20230426007
- Oracle Releases Security Updates - 20230426005
- MinIO Information Disclosure Vulnerability - 20230426004
- PaperCut MF/NG Improper Access Control Vulnerability - 20230426003
- Google Chrome Skia Integer Overflow Vulnerability - 20230426002
- Cisco Releases Security Advisories for Multiple Products - 20230426001
- Supply Chain Attack Against 3CXDesktopApp - 20230421003
- Schneider UPS Online Monitoring Software Vulnerability - 20230419002
- APT28 Exploits Known Vulnerability on Cisco Routers - 20230419001
- Google Chromium V8 Engine Type Confusion Vulnerability - 20230418002
- Apple macOS Use-After-Free Vulnerability - 20230418001
- Microsoft Releases Guidance for the BlackLotus Campaign - 20230413006
- Adobe Releases Security Updates for Multiple Products - 20230413005
- Microsoft Releases April 2023 Security Updates - 20230413004
- Fortinet April 2023 Vulnerability - 20230413003
- Mozilla Releases Security Advisories for Multiple Products - 20230413002
- Apple Releases Security Updates for Multiple Products - 20230413001
- Windows Common Log File System Driver Elevation of Privilege Vulnerability - 20230412001
- Sophos Vulnerability - 20230411006
- Apple Vulnerability - 20230411005
- Arm Mali GPU Kernel Driver Information Disclosure Vulnerability - 20230411004
- Windows Certificate Dialog Elevation of Privilege Vulnerability - 20230411003
- Veritas Backup Exec Agent Vulnerabilities - 20230411002
- Cisco Releases Security Advisories for Multiple Products - 20230411001
- CISA ICS Advisory: Hitachi Energy IEC 61850 MMS-Server - 20230405001
- QNAP Vulnerability in QTS and QuTS hero - 20230403001
2023 March
- Apple Releases Security Updates for Multiple Products - 20230331003
- CISA Adds Known Exploited Vulnerabilities to Catalog - 20230331002
- GoAnywhere Active Campaign - 20230331001
- 3CX Active Intrusion Campaign - 20230330001
- Adobe ColdFusion Security Updates - 20230327003
- Update for Microsoft Outlook Elevation of Privilege Vulnerability - 20230327002
- Veeam Backup & Replication Vulnerability - 20230327001
- Cisco Releases Security Advisories for Multiple Products - 20230324002
- Ransomware - LockBit 3.0 IOC's and TTP's - 20230317002
- Honeywell OneWireless Device Manager Vulnerability - 20230317001
- Drupal Core Access bypass vulnerability - 20230317001
- Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server - 20230316004
- Adobe Releases Security Updates for Multiple Products - 20230316003
- Mozilla Releases Security Updates for Firefox 111 and Firefox ESR 102.9 - 20230316002
- Microsoft March 2023 Security Updates - 20230316
- Fortinet FortiOS Path Traversal Vulnerability - 20230315004
- Windows SmartScreen Security Feature Bypass Vulnerability - 20230315003
- Microsoft Internet Control Message Protocol (ICMP) Remote Code Execution (RCE) Vulnerability- 20230315002
- Microsoft Outlook Elevation of Privilege Vulnerability - CVE-2023-23397
- XStream Remote Code Execution (RCE) Vulnerability - 20230314002
- Plex Media Server Remote Code Execution (RCE) Vulnerability - 20230314001
- Apache Spark Command Injection Vulnerability - 20230308003
- Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability - 20230308002
- Fortinet Vulnerabilities for FortiOS / FortiProxy / Buffer underflow in administrative interface - 20230308001
- Medtronic Micro Clinician and InterStim Apps - 20230303002
- Cisco IP Phone Web UI Vulnerabilities - 20230303001
2023 February
- VMware Releases Security Updates for Carbon Black App Control - 20230227005
- Cisco Security Advisories for Multiple Products - 20230227004
- Fortinet Releases Security Updates for Multiple Products - 20230227003
- Mozilla Releases Security Updates for Thunderbird 102.8 - 20230227002
- IBM Aspera Faspex 4.4.2 Patch Level 1 - 20230227001
- Cacti Command Injection Vulnerability - 20230217002
- Cisco Releases Security Advisories for Multiple Products - 20230217001
- Citrix Security Updates for Workspace Apps, Virtual Apps and Desktops - 20230215005
- Adobe Releases Security Updates for Multiple Products - 20230215004
- Microsoft February 2023 Security Updates - 20230215003
- Mozilla Releases Security Updates for Firefox 110 and Firefox ESR - 20230215002
- Apple Releases Security Updates for Multiple Products - 20230215001
- Security Patch Update for Secret Server 11.3.000003 - 20230209001
- VMware ESXiArgs Ransomware Recovery Script Release - 20230208001
- VMware ESXi servers targetted by ESXiArgs ransomware - 20230206001
- CISA Releases Oracle E-Business Suite & SugarCRM Known Vulnerabilities Updates - 20230203003
- Drupal Apigee Edge Security Vulnerability Update - 20230203002
- VMware vRealize Operations (vROps) CSRF Bypass Vulnerability - 20230203001
- Multiple Internet Systems Consortium (ISC) BIND 9 Security Advisories - 20230201001
2023 January
- Telerik UI for ASP.NET AJAX Known Vulnerability - 20230127002
- CISA Releases Eight Industrial Control Systems Advisories - 20230127001
- CISA Releases Two Industrial Control Systems Advisories - 20230125002
- Apple Releases Security Updates for Multiple Products - 20230125001
- ManageEngine RCE Vulnerability Known Exploitation - 20230124001
- Mozilla Releases Critical Security Updates - 20230123002
- Drupal Address Multiple Vulnerabilities - 20230123001
- Drupal Address Multiple Vulnerabilities - 20230123001
- UPDATE: Sophos Firewall Critical Vulnerability - 20230120001
- Resurgence of SEO Poisoning - 20230119001
- Increased Events from Threat Activity Group DEV-0867 - 20230118001
- Zoom Rooms Local Privilege Escalation Vulnerability - 20230117004
- FortiOS Heap-Based Buffer Overflow in SSL-VPN - 20230117003
- CISCO Prime DCNM File Information Disclosure Vulnerability - 20230117002
- CISCO VPN Router Web-Based Interface Vulnerability - 20230117001
- Juniper Networks Releases Security Updates for Multiple Products - 20230113002
- Drupa Private Taxonomy Vulnerability Security Update - 20230113001
- Microsoft Exchange Server and Windows Vulnerabilities - 20230111003
- Adobe Security Updates for Multiple Products - 20230111002
- Microsoft January 2023 Security Updates - 20230111001
- Number Matching in Multifactor Authentication - 20230110001
- Centos Web Panel 7 Unauthenticated Remote Code Execution (RCE) - 20230109003
- ManageEngine SQL Injection Vulnerability - 20230109002
- Synology-SA-22:25 SRM Vulnerability - 20230109001
- FortiADC Command Injection Vulnerability - 20230105001
- TIBCO JasperReports Server Vulnerability - 20230104002
- TIBCO JasperReports Library Vulnerability - 20230104001
2022 December
- UPDATED ADVISORY - Fortinet Vulnerabilities for FortiOS / FortiProxy / FortiSwitchManager - 20221228001
- Apple critical security updates - 20221223002
- New Exploit Method for Bypassing ProxyNotShell Mitigations - 20221223002
- Lastpass breach update (ACTION NEEDED: customer details and vaults accessed in November 2022) - 20221223001
- Samba Security Release Updates - 20221219001
- Apple iOS Type Confusion vulnerability - 20221216004
- Veeam Backup & Replication security updates - 20221216003
- Microsoft Defender SmartScreen Security Feature Bypass Vulnerability - 20221216002
- Drupal Security Updates for H5P and File(Field) Paths - 20221216001
- Critical vulnerabilities in Citrix Gateway and Application Delivery Controller (ADC) devices - 20221215001
- Mozilla Security Updates for Thunderbird and Firefox - 20221214002
- VMWare Critical Security Updates - 20221214001
- Fortinet Vulnerabilities for FortiOS / FortiProxy / FortiSwitchManager - 20221213001
- Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series - 20221212001
- UPDATED ADVISORY - SEO poisoning targeting public sector (Gootloader) - 20221208003
- Sophos Release Patch for Seven "Sophos Firewall" CVE's - 20221208003
- Chromium V8 Type Confusion Vulnerability - 20221208001
- ACSC December 2022 ISM and E8 Updates - 20221202001
2022 November
- Google Chrome Vulnerability - 20221129003
- Fusion Middleware Vulnerability - 20221129002
- Boa Web Server Vulnerabiltiy - 20221128001
- Suspicious Gmail accounts targeting Victorian Government - 20221125001
- NSA - Software Memory Safety - 20221124001
- Cisco Security Updates for Identity Services Engine - 20221123002
- Samba Security Update - 20221123001
- Mozilla Releases Security Updates for Multiple Products - 20221122001
- F5 BIG-IP and iControl REST Vulnerabilities and Exposures - 20221117001
- Microsoft Windows: Multiple known exploited vulnerabilities - 202211100002
- Citrix Security Bulletin (Gateway and ADC) - 202211100001
- OpenSSL 3.0.x affected by two high severity vulnerabilities- 202211030001