Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
April 9, 2024Microsoft addresses 147 CVEs in its April 2024 Patch Tuesday release with three critical vulnerabilities and no zero-day or publicly disclosed vulnerabilities.
Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)
February 13, 2024Microsoft addresses 73 CVEs, including three zero-day vulnerabilities that were exploited in the wild.
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
February 9, 2024Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities
CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
September 27, 2023A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.
Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)
September 12, 2023Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild
AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
September 7, 2023A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors.
AA23-215A: 2022's Top Routinely Exploited Vulnerabilities
August 3, 2023A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability
July 25, 2023Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
June 16, 2023Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
CVE-2023-20887: VMware Aria Operations for Networks Command Injection
June 14, 2023VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
June 13, 2023Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to Chinese-State Sponsored Threat Actor
May 25, 2023Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor.