Active Exploitation – TheCyberThrone

Microsoft Sharepoint Server CVE-2024-38094 Exploited

Threat actors have exploited a vulnerability in Microsoft SharePoint Server, identified as CVE-2024-38094, allowing them to gain complete domain access and compromise critical systems. The Rapid7 incident response team has…

PravinKarthik November 1, 2024

Microsoft Flaw CVE-2024-38193 exploited by Lazarus Group

During this month patch Tuesday, microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers. One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is…

PravinKarthik August 20, 2024

Cisco Semi-annual Security Advisory Summary

Cisco has released its latest semi-annual Security Advisory Bundled Publication. It detailed eight vulnerabilities affecting its IOS and IOS XE operating systems, among them CVE-2023-20109, an out-of-bounds write issue which…

PravinKarthik September 29, 2023

Paper Cut Vulnerability New Explotation Method

Researchers have found a method to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. The vulnerability tracked as CVE-2023-27350, the issue affects…

PravinKarthik May 7, 2023

CISA KEV Update Part IV – March 2023

The U.S. CISA has added a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360 with a CVSS score: 8.6, to its Known Exploited Vulnerabilities Catalog. Adobe as a part of routine patch tuesday, released…

PravinKarthik March 16, 2023

Recently patched VMware Bug exploited in wild

Security researchers at Barracuda discovered series of attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and CVE-2022-22960, both reported last month. PoC exploitation that available in GitHub recently announced VMware bugs is being…

PravinKarthik May 18, 2022

CISA Known Exploited Vulnerability Catalog Update

CISA has added thirteen new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of…

PravinKarthik December 11, 2021

CISA “Must Patch” List Updation

The U.S. CISA has updated its catalog of “known exploited vulnerabilities” and set deadlines for federal agencies to apply fixes for security defects in software made by Qualcomm, Mikrotik, Zoho…

PravinKarthik December 6, 2021