Attackers are targeting a pair of Windows bugs that can be exploited simply by sending a malicious email to the victim, allowing the attacker to steal the users Windows credentials. A vulnerability in the MSHTML / EdgeHTML component used in Microsoft products such as Internet Explorer (now retired), WebBrowser control, Microsoft Edge, and other legacy applications […]
Windows Security Feature Bypass Vulnerability Read More »
A vulnerability in the WordPress plugin Advanced Custom Fields and Advanced Custom Fields Pro is being actively exploited by attackers after proof of concept (PoC) code for the exploit was released. The Advanced Customs Fields plugin has been installed on over 2M WordPress sites worldwide however only 31.5% of users have installed update version 6.1
WordPress Plugin Flaw has Public Exploit Code Read More »
A vulnerability has been identified in NetFilter, a packet filtering and NAT (Network Address Translation) framework within the Linux kernel. This vulnerability can allow local users to escalate privileges to gain root level access, resulting in complete control over the vulnerable system. Multiple Linux kernel releases are affected by this flaw, including the most recent
Linux Kernel Vulnerability Allows Elevation to Root Read More »
An Android security bulletin has been released detailing the vulnerabilities patched in the May 2023 updates for patch levels 2023-05-01 and 2023-05-05. Included in this update is a fix for a high severity flaw first identified in January, found in the Linux Kernel of affected devices. This vulnerability is known to have been exploited as
Android Update Patches Exploited Kernel Flaw Read More »
Cisco Prime Collaboration Deployment software has been found to have a zero-day vulnerability that could allow for cross-site scripting attacks to take place. The Cisco Prime Collaboration Deployment application is a server management tool which can assist in the migration of older software version clusters to new virtual machines, as well as performing fresh installs,
Cisco Zero-Day Cross-Site Scripting Vulnerability Read More »
Another zero-day vulnerability has been identified in the Google Chrome desktop application, just days after the previous emergency update was released. Microsoft have determined this to be a publicly disclosed vulnerability with a verified exploit. The stable channel update for desktop version 112.0.5615.137 was released last week for Windows and Mac, with the Linux update
New Chromium OSS Zero-Day Actively Exploited Read More »
A security update has been released by VMware to patch two vulnerabilities in VMware Aria Operations for Logs products, which were previously called vRealize Log Insight. VMware vRealize Log Insight products had multiple remote code execution vulnerabilities that were addressed in January which could be exploited together in an attack chain. This new update addresses
Critical Vulnerabilities Patched by VMware Read More »
An emergency security update has been released by Google for Chrome stable channel for desktop for Windows, Mac, and Linux. This is the first emergency update released so far in 2023 to patch an actively exploited zero-day vulnerability in Google Chrome’s desktop application. The updated version v112.0.5615.121 also includes other security fixes deemed necessary from
Google Chrome Emergency Update Patches Zero-Day Read More »
A total of 97 vulnerabilities were resolved in April’s patch Tuesday updates from Microsoft this week, including 7 critical severity flaws, and an actively exploited zero-day flaw with a publicly disclosed exploit. Critical severity flaw CVE-2023-28250 has a CVSS base score of 9.8 and is found in the Windows pragmatic general multicast (PGM) protocol. This
Microsoft Fixes Critical and Publicly Disclosed Flaws Read More »
Emergency security updates have been released by Apple for macOS, iOS, iPadOS, and Safari to patch two zero-day vulnerabilities, one of which has a publicly disclosed exploit. The other zero-day flaw addressed in these updates is also reported to be actively exploited in the wild. These emergency updates by Apple have been published less than
Apple Patch Zero-Day with Publicly Disclosed Exploit Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.