China-backed espionage group hits Ivanti customers again
UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.
Advertisement
vulnerability
Researchers raise alarm about critical Next.js vulnerability
The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.
Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.
Edge device vulnerabilities fueled attack sprees in 2024
The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.
Android warns of Qualcomm exploit in latest security bulletin
The November security bulletin includes two CVE's reportedly exploited in the wild.
GitHub patches critical vulnerability in its Enterprise Servers
The “severe” flaw could allow attackers full access to instances.
Advertisement
Malicious packages in open-source repositories are surging
The open-source ecosystem is being overrun by malicious packages, a new report from Sonatype finds.
Printer bug sends researchers into uproar, affects major Linux distros
The vulns would allow attackers to run any commands on targeted computers without user knowledge. But it would take a lot of work to get to that…
CISA warns of hackers exploiting bug for end-of-life Ivanti product
Ivanti's Cloud Service Appliance has a "high severity vulnerability" being exploited in the wild.
VMWare releases Fusion vulnerability with 8.8 rating
The company issued a patch for the high-severity bug that allows arbitrary code execution.