Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

Google has identified a "critical security vulnerability" in Android (CVE-2023-40088) that enables remote code execution without extra privileges and plans to release a patch compatible with Android versions 11 to 14 in the next two days.
The Joomla! Project has released an update to address a vulnerability (CVE-2023-40626) in versions 1.6.0-4.4.0 and 5.0.0. The flaw could allow attackers to access sensitive variables such as database passwords. The Joomla! Project recommends upgrading to versions 3.10.14-elts, 4.4.1, or 5.0.1.
Splunk Enterprise is affected by a high-severity vulnerability (CVE-2023-46214) caused by inadequate sanitization of user-supplied XSLT. It affects multiple versions and could possibly lead to remote code execution. Mitigation steps include upgrading to safer versions or modifying the web.conf configuration file.
VMware fixed a critical vulnerability (CVE-2023-34060) in Cloud Director Appliance 10.5, which allowed remote exploitation without user interaction and was unpatched for over two weeks. The patch is now available in version 10.5.1 and a temporary workaround was provided in the interim.
Apple issued critical security updates for iOS, macOS and Safari to address two new zero-day vulnerabilities, CVE-2023-42916 and CVE-2023-42917, in the WebKit browser engine on iPhones, Macs and iPads.
Zyxel has issued an alert about critical security vulnerabilities in its NAS326 and NAS542 devices, which could allow unauthorized access and control, advising users to urgently update their firmware to specific versions as the primary solution.
Security researchers have released PoCs for three critical vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in Arcserve's UDP solution, which pose high risks (CVSS3 score 9.8) and can lead to unauthorized remote access and file uploads, prompting Arcserve to advise users to upgrade to or patch UDP version 9.2.
Google has released an urgent Chrome update to fix several vulnerabilities, including the actively exploited CVE-2023-6345, related to an integer overflow in the Skia graphics library, and other issues in Spellcheck, Mojo, WebAudio, and libavif, with updated versions rolling out for Mac, Linux, and Windows.
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads
Three critical vulnerabilities have been reported in ownCloud: CVE-2023-49103, which exposes sensitive data through a library flaw; CVE-2023-49105, allowing file access without authentication; and CVE-2023-49104, permitting redirection to attacker-controlled domains, with urgent remediation steps advised.