EHA
Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day

Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day

Ivanti Connect Secure vulnerabilities were disclosed in January 2024 as a potential gateway for threat actors to penetrate corporate networks. The two vulnerabilities, CVE-2023-46805 and CVE-2024-21887 were associated with authentication bypass and arbitrary command...
Google Chrome Zero-day Exploited in the Wild: Patch Now!

Google Chrome Zero-day Exploited in the Wild: Patch Now!

Google has released urgent upgrades to fix the Chrome zero-day high-severity vulnerability that has been widely exploited, which could lead to software crashes or arbitrary code execution. To address the actively exploited zero-day vulnerability, the...
Apple Urgently Patches Zero-day Flaw Exploited in the Wild

Apple Urgently Patches Zero-day Flaw Exploited in the Wild

Apple has released an emergency security update for patching two actively exploited zero-day vulnerabilities on iOS. The vulnerabilities were discovered earlier this month and are tracked as CVE-2023-42916, and CVE-2023-42917 affected many Apple products. The...
Hackers Exploiting Zimbra 0-day to Attack Government Organizations

Hackers Exploiting Zimbra 0-day to Attack Government Organizations

Zimbra Collaboration is an open-source solution software suite with an email server and web client for collaboration.  Over 5,000 companies and public sector users, along with hundreds of millions of end-users in more than 140...
SysAid Server Zero-Day

MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability

As previously reported, SysAid disclosed a zero-day issue affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability and was given CVE-2023-47426. Additionally, SysAid stated that there were reports of Lace...
SideCopy APT group Exploiting WinRAR Zero-Day to Deliver Ares RAT

SideCopy APT group Exploiting WinRAR Zero-Day to Deliver Ares RAT

SideCopy, the Pakistani-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities for delivering multiple RATs (Remote Access Trojans) like AllaKore RAT, Ares RAT, and DRat. The threat actor has...
Exploit Cisco IOS Zero-day

Exploit Released for Cisco IOS XE Zero-day Vulnerability

Cisco was reported with a critical vulnerability last week, which has been actively exploited by threat actors in the wild. The vulnerability was assigned with the CVE-2023-20198 and was given a severity rating of...
Zero-Day Vulnerabilities

Over 700 Zero-Day Vulnerabilities Identified in Q3 2023: Mitigation Methods on WAAP 

The term "zero-day" indicates no time between developers discovering a vulnerability and attackers exploiting it.    According to the Indusface zero-day vulnerability report, over 700 0-day vulnerabilities were identified in Q3, 2023.   This blog outlines the risks...
Hackers Exploit Roundcube Zero-day to Attack Government Email Servers

Hackers Exploit Roundcube Zero-day to Attack Government Email Servers

Hackers usually opt for zero-day vulnerabilities because they are not publicly known, making them more difficult for defenders to patch or protect against.  This gives hackers an advantage by exploiting a flaw before it's discovered...
Atlassian Zero-Day Flaw Under Attack

CISA, FBI Warns of Critical Atlassian Zero-Day Flaw Under Active Attack

A serious security flaw in some versions of Atlassian Confluence Data Center and Server has been exploited by hackers.  They have used this flaw to create fake admin accounts and access Confluence servers. This flaw is...

Managed WAF

Website

Latest News