Apple released new emergency security updates on Wednesday to patch two new zero-day vulnerabilities known to be exploited in attacks.
Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks.
Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited.
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server.
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers.
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today.
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.
Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild.
Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers.
Hackers have started using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems.
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts.
A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.