Visual Studio Bug Results in Takeover
Researchers come up with a warning about a bug in Microsoft Visual Studio installer that gives attackers a way to create and distribute malicious extensions to application developers under the…
CISA KEV Catalog Update -Part IV -February 2023
The US CISA has added another set of actively exploited flaws to its Known Exploited Vulnerabilities Catalog. CVE-2022-47986 with a CVSS score: 9.8 – IBM Aspera Faspex Code Execution Vulnerability:…
MotW Windows Exploit receives unofficial patch
0patch released an unofficial patch for an actively exploited security vulnerability in Microsoft Windows that allows bypassing Mark-of-the-Web (MotW) protections by using files signed with malformed signatures. The issue affects…
Zimbra flaw actively exploited
An unpatched code execution vulnerability in the Zimbra Collaboration software is under active exploitation by attackers using the attacks to backdoor servers. The attacks began no later than September 7,…
WPGateway -Zeroday exploit affects 2.8M sites
WPGateway a popular WordPress plugin has been under attack due to Zero-Day Vulnerability and is actively exploited potentially allowing malicious actors to completely take over affected sites. The WPGateway plugin…
WordPress BackupBuddy Plugin Exploit affects 140K Sites
Users of WordPress websites running BackupBuddy(plugin to take WordPress websites backup) have been urged to update the plugin amid reports of active exploitation of a high severity arbitrary file download/read…
Follina ZeroDay evades Microsoft Defender
Hackers are exploiting a vulnerability in Microsoft Office that enables them to fetch malicious code without detection in a multi-stage attack. The exploit, dubbed named Follina, abuses the remote template…
Unplug Sonicwall EOL
SonicWall has warned that its older Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) gateways are being attacked in the wild by crooks to spread ransomware and…