Tag
#zero_day
WordPress Slider Revolution plugin version 4.6.5 suffers from a remote shell upload vulnerability.
Vendor patched the vulnerability in October after a red team alert.
Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based
Security teams may be missing targeted attacks and advanced exploits if attackers are using evasive techniques to avoid detection. Defenders need to up their game.
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
The hosting provider had not applied Microsoft's new patch due to publicly reported issues with the update.
SugarCRM versions up to 12.2.0 suffer from a remote shell upload vulnerability.
Plus: Patches for Apple iOS 16, Google Chrome, Windows 10, and more.
A variety of initiatives — such as memory-safe languages and software bills of materials — promise more secure applications, but sustained improvements will require that vendors do much better, researchers agree.