SecurityWeek

BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release

Threat actors began targeting a recently patched BeyondTrust vulnerability shortly after a proof-of-concept (PoC) exploit was released.

Microsoft Confirms Windows Is Under Attack — Update Now

Attackers have not waited for Exploit Wednesday; the Microsoft Windows zero-day attacks have already started. Here’s what you need to know and do.
SecurityWeek

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.

CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.
Infosecurity Magazine

New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability

A hacking campaign took just days to exploit a newly disclosed security vulnerability in Microsoft Windows version of WinRAR, ...
CRN

ConnectWise ScreenConnect Vulnerability Seeing Exploits: CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is seeing active exploits related to the ConnectWise ScreenConnect vulnerability that was reported earlier last week. Vulnerabilities ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

CrossCurve identifies 10 wallets involved in the $3M bridge exploit

Decentralised finance protocol CrossCurve has identified ten Ethereum wallet addresses involved in the exploit of its bridge ...
Engadget

Google just patched the fifth zero-day exploit for Chrome this year

Google has released a security update for the Chrome browser to fix a zero-day vulnerability exploit that has been used by threat actors. This is the fifth time this year the company has had to issue ...
Infosecurity-magazine.com

Malicious Actors Exploit ProjectSend Critical Vulnerability

Public-facing instances of ProjectSend, an open-source file-sharing web application, have been exploited by attackers, according to vulnerability intelligence provider VulnCheck. ProjectSend was ...
Ars Technica

As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, ...
TechRepublic

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs Your email has been sent Volt Typhoon, a Chinese state-sponsored hacking group, has been caught ...