Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

OpenCms, a Java framework by Alkacon Software, is impacted by a critical unauthenticated XXE vulnerability (CVE-2023-42344, CVSS 9.8) in versions 9.0.0 to 10.5.0, allowing attackers to execute remote code through manipulated file uploads, with an upgrade to version 10.5.1 recommended for mitigation.
Microsoft's Edge browser update 120.0.2210.61 addresses several vulnerabilities, including the critical CVE-2023-35618 allowing potential sandbox escape and code execution, and two less severe information disclosure issues, along with a privacy policy change enabling forwarding of search histories to third parties unless manually disabled.
The "5Ghoul" attack exploits critical vulnerabilities in Qualcomm and MediaTek 5G modems, affecting numerous 5G smartphones, routers, and USB modems, with risks including service disruptions and unauthorized network access, and responses from vendors include security bulletins and patches, though their distribution may be delayed.
The Apache Struts project has updated its framework to fix a critical remote code execution vulnerability (CVE-2023-50164) in versions 2.0.0 to 2.5.32 and 6.0.0 to, urging developers to upgrade immediately to the patched versions 2.5.33 and
The LogoFAIL cybersecurity threat, identified as a significant risk to most Windows and Linux devices, allows attackers to execute undetectable malicious code during boot-up by exploiting flaws in UEFI. The attack can affecti a wide range of devices across multiple CPU ecosystems, with patches varying by manufacturer.
WordPress's 6.4.2 update addresses a critical vulnerability in versions 6.4 and 6.4.1 related to HTML parsing, which could allow attackers to execute arbitrary PHP code on websites, particularly when combined with certain plugins in multisite installations.
Atlassian has released updates to fix four critical vulnerabilities in its software, including deserialization issues and remote code execution flaws in various products, advising users to urgently update to specified versions to prevent potential exploitation.
Security researchers have identified 21 critical vulnerabilities in Sierra OT/IoT routers, including remote code execution and unauthorized access, affecting Sierra Wireless AirLink and open-source components. Shodan search revealing over 86,000 vulnerable routers mainly in the U.S., and security researchers recommend upgrading to ALEOS version 4.17.0 and additional security measures.
The CVE-2023-6269 vulnerability in Atos Unify's OpenScape suite, rated CVSS 10, allows unauthorized root access via SSH due to an administrative web interface flaw, affecting various versions of OpenScape SBC, Branch, and BCF products, with updates and security measures recommended for mitigation.
Security experts discovered a critical vulnerability (CVE-2023-6316, CVSS3 score 9.8) in the MW WP Form plugin for WordPress, allowing unauthenticated attackers to upload and execute harmful files, impacting versions up to 5.0.1.