Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

The newly discovered backdoor "Effluence" is deployed by exploiting the CVE-2023-22518 vulnerability in Atlassian Confluence servers, allowing remote control even after patching. It evades detection through its stealthy nature and, because it leaves few digital traces, requires extensive manual review to remove.
A critical security flaw in Atlassian's Confluence Server and Data Center, CVE-2023-22518, has been actively exploited by attackers deploying Cerber ransomware, prompting Atlassian to release urgent patches.
F5 Networks has disclosed two critical vulnerabilities in its BIG-IP systems, CVE-2023-46747 allowing remote code execution and CVE-2023-46748 enabling SQL injection, which have been exploited in the wild. Time to patch NOW.
The HelloKitty ransomware group has been exploiting a critical Apache ActiveMQ vulnerability (CVE-2023-46604) affecting thousands of unpatched servers, mainly in China, the USA, and Germany.
The Winter Vivern hacking group has actively targeted European government entities and think tanks by exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube Webmail, allowing them to inject malicious JavaScript code and steal emails.
VMware has warned customers of an authentication bypass vulnerability in vRealize Log Insight (now VMware Aria Operations for Logs) with published exploit code enabling remote code execution. Although it requires specific conditions, this vulnerability also serves as a bypass for a chain of critical flaws patched in January, allowing attackers to inject malicious files into unpatched VMware appliances.
Google's Threat Analysis Group warns of an actively exploited vulnerability (CVE-2023-3883) in WinRAR, affecting versions prior to 6.23, which allows attackers to execute arbitrary code when a user attempts to view a seemingly benign file within a ZIP archive. State-sponsored and financially motivated hackers are targeting the vulnerability because too many users haven't updated their WinRAR.
North Korean state-sponsored hacker groups Diamond Sleet and Onyx Sleet are actively exploiting a critical remote code execution vulnerability (CVE-2023-42793) in the JetBrains TeamCity CI/CD server. Successful exploitation can lead to source code theft and exposure of service secrets, putting at risk major organizations that use this tool.
The CVE-2023-4966 vulnerability in Citrix NetScaler ADC and NetScaler Gateway, exploited by hackers since August, allows them to bypass multifactor authentication through session hijacking, potentially compromising sensitive information.
Microsoft identified a nation-state actor, possibly linked to China's Ministry of State Security, exploiting a zero-day vulnerability in Atlassian's Confluence products, prompting urgent patches and inspection recommendations.