Attackers hit React defect as researchers quibble over proof
A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.
Advertisement
watchTowr
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.
Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage
The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread…
Attackers bypass patch in deprecated Windows Server update tool
Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.
Dozens of Oracle customers impacted by Clop data theft for extortion campaign
Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.