Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days.
Microsoft fixed two zero-day bugs exploited in malware attacks.
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks.
BianLian group exploits JetBrains TeamCity bugs in ransomware attacks.
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites.
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws.
CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks.
Multiple malware used in attacks exploiting Ivanti VPN flaws.
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies.
Critical Confluence flaw exploited in ransomware attacks.
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748.
iLeakage attack exploits Safari to steal data from Apple devices.
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks.
Apple fixed the 17th zero-day flaw exploited in attacks.
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks.
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws.
Trend Micro addresses actively exploited zero-day in Apex One and other security Products.
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog.
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks.
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs.
This Cyber News was published on securityaffairs.com. Publication date: Sun, 26 May 2024 19:13:08 +0000