CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog.
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw.
Microsoft fixed two zero-day bugs exploited in malware attacks.
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks.
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware.
BianLian group exploits JetBrains TeamCity bugs in ransomware attacks.
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws.
CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks.
Multiple malware used in attacks exploiting Ivanti VPN flaws.
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware.
Phemedrone info stealer campaign exploits Windows smartScreen bypass.
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies.
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware.
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies.
Critical Confluence flaw exploited in ransomware attacks.
iLeakage attack exploits Safari to steal data from Apple devices.
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks.
Apple fixed the 17th zero-day flaw exploited in attacks.
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks.
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks.
This Cyber News was published on securityaffairs.com. Publication date: Sun, 26 May 2024 19:13:08 +0000