Zimbra Collaboration Suite Patch Zero-Day Flaw
A zero-day cross-site scripting (XSS) flaw that has been exploited in the wild has now been patched for Zimbra Collaboration Suite in version 8.8.15 patch 41. Two other vulnerabilities have
Canon Printers Retain Wi-Fi Information After Wipe
Canon Inkjet printers have been found to retain sensitive Wi-Fi information after the usual wipe that is performed in the initialisation process. Canon have released a security advisory to warn
Microsoft Key Used for Unauthorised Email Access
The threat actor tracked by Microsoft as Storm-0558 has been able to utilise a stolen consumer signing key to access accounts and emails in Exchange Online through Outlook Web Access
Ivanti Patch Actively Exploited EPMM Zero-Day Flaw
An actively exploited vulnerability has been patched in the latest updates for Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This zero-day flaw affects all supported versions of
Unpatched Redis Servers Targeted by P2P Malware
A peer-to-peer (P2P) worm known as P2PInfect has been discovered by security researchers at Unit 42 to be actively targeting Windows- and Linux-based Redis servers. Redis is an open-source database
Citrix ADC and Gateway RCE Vulnerability Exploited
A critical severity Citrix ADC and Citrix Gateway remote code execution (RCE) flaw has been confirmed to be exploited in the wild. Now known as NetScaler ADC and NetScaler Gateway,
Adobe ColdFusion Attack Chain Actively Exploited
Adobe ColdFusion vulnerabilities are being actively exploited by attackers to bypass authentication and execute remote commands to create a webshell on the vulnerable endpoint. ColdFusion is an Adobe product for
Mastodon Patch High and Critical Vulnerabilities
Open-source social network Mastodon has needed to address one high severity and two critical severity vulnerabilities affecting their platform and servers, as well as one moderate severity flaw. Security advisories
Android July Update Patches Actively Exploited Flaws
The new Android security update for this month has fixed a total of 46 vulnerabilities, three of which are thought to be actively exploited in what Android describe as “limited,
Zero-Day Vulnerability Exploited in WordPress Plugin
A critical zero-day vulnerability has been exploited in the WordPress plugin Ultimate Member that allows attackers to escalate their privileges and gain full control over the website. Ultimate Member is
Exploit for Critical Auth Bypass Flaw in ArcServe UDP
A critical vulnerability has been discovered in ArcServe Unified Data Protection (UDP) versions 7.0 to 9.0 that can be exploited to bypass authentication on the system. ArcServe UDP is data
OpenSSH Cryptomining Attacks on Linux and IoTs
Internet-facing Linux-based systems and Internet of Things (IoT) devices are being targeted in a recent attack that uses a patched version of OpenSSH to take over the devices and install