Security Intelligence
3CX Supply Chain Compromise
On 30 March 2023, business communication solutions and software provider 3CX reported that their product was breached...
Security Intelligence
LastPass breach
LastPass password management service detailed new findings related to its August 2022 data breach. Read about these...
Security Intelligence
Two high-severity flaws fixed in OpenSSL
On 1 November 2022, the OpenSSL project released OpenSSL version 3.0.7 to address two high-severity security issues.
Security Intelligence
Details for a critical vulnerability in Apache Commons Text published
Apache Software Foundation published details on a critical vulnerability in the Apache Commons Text library, fixed in...
Security Intelligence
Threat actors targeting Microsoft Exchange instances that have no patch available
Microsoft published an advisory providing a workaround for two unpatched flaws in Microsoft Exchange Server 2013, 2016,...
Security Intelligence
Microsoft’s September 2022 updates include 63 fixes and one actively exploited flaw
On 13 September 2022, Microsoft released updates to address 63 vulnerabilities; five ‘Critical’, two publicly...
Security Intelligence
Apple issues August 2022 out-of-band security update
Apple issued an emergency security update for vulnerabilities affecting multiple devices, noting that they are already...
Security Intelligence
Oracle Critical Patch Update addresses 349 flaws
Oracle issued a Critical Patch Update fixing 349 vulnerabilities; many of these can be used for remote execution of...
Security Intelligence
Details on Microsoft Windows protocol handlers’ abuse publicly available
Researchers exploring how Windows protocol handlers can be abused for malicious purposes by referencing specially...
Security Intelligence
Microsoft’s May 2022 updates include 75 fixes and one actively exploited flaw
On 10 May 2022, Microsoft released updates to address 75 vulnerabilities; eight critical, three publicly disclosed, and...
Security Intelligence
Threat actors exploit 2022 Windows Print Spooler flaws
During March and April 2022, the US CISA added two Windows Print Spooler vulnerabilities to its Known Exploited...
Security Intelligence
Threat actors scanning for vulnerable spring applications
In late March 2022, open-source reporting indicated that threat actors have been targeting a critical vulnerability in...