Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

The "InfectedSlurs" botnet exploits a critical zero-day vulnerability (CVE-2023-49897) in FXC wireless LAN routers, models AE1021 and AE1021PE, leading to remote command execution, and FXC has released a firmware update (version 2.0.10) to mitigate this issue.
The Fancy Bear group, also known as Forest Blizzard by Microsoft and linked to Russia's GRU, is exploiting a nine-month-old Microsoft Outlook vulnerability (CVE-2023-23397) to gain control of Microsoft Exchange mailboxes, primarily targeting government, energy, and transportation sectors.
The Cactus ransomware group is exploiting critical vulnerabilities in Qlik Sense's Windows version, notably two major flaws (CVE-2023-41266 and CVE-2023-41265 - reissued as CVE-2023-48365), to infiltrate corporate networks, using techniques like PowerShell, BITS, and RDP for persistence, remote access, and data exfiltration.
Security experts have detected active attempts to exploit a critical vulnerability in ownCloud's Graph API app, CVE-2023-49103. Urgent mitigation is needed given its high CVSS score and the ease of exploitation noted by the Shadowserver Foundation.
CISA reports active exploitation of CVE-2023-1671, a critical command injection vulnerability in the warn-proceed handler of the Sophos Web Appliance. A patch is available, but the flaw is still being targeted because some systems have auto-updates disabled, and the product has now passed its end of service.
Google TAG has revealed that a cross-site scripting (XSS) vulnerability (CVE-2023-37580) in Zimbra Collaboration email software is being exploited by four different threat actors targeting government entities to steal emails and login data. Most of the attacks occurred after the patch was published, with campaigns targeting government organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan.
The newly discovered backdoor "Effluence" is deployed by exploiting the CVE-2023-22518 vulnerability in Atlassian Confluence servers, and it retains remote control even after the server is patched. It is stealthy and leaves few digital traces, so removing it requires extensive manual review.
A critical security flaw in Atlassian's Confluence Server and Data Center, CVE-2023-22518, has been actively exploited by attackers deploying Cerber ransomware, prompting Atlassian to release urgent patches.
F5 Networks has disclosed two critical vulnerabilities in their BIG-IP systems, CVE-2023-46747 allowing remote code execution and CVE-2023-46748 enabling SQL injection, which have been exploited in the wild. Time to patch NOW.
The HelloKitty ransomware group has been exploiting a critical Apache ActiveMQ vulnerability (CVE-2023-46604) affecting thousands of unpatched servers, mainly in China, the USA, and Germany.