Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw.
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor.
Microsoft fixed two zero-day bugs exploited in malware attacks.
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks.
Recent DarkGate campaign exploited Microsoft Windows zero-day.
BianLian group exploits JetBrains TeamCity bugs in ransomware attacks.
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws.
CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks.
Multiple malware used in attacks exploiting Ivanti VPN flaws.
Google addressed a new actively exploited Chrome zero-day.
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies.
Critical Confluence flaw exploited in ransomware attacks.
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks.
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw.
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables.
Apple fixed the 17th zero-day flaw exploited in attacks.
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks.
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws.
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks.
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs.
This Cyber News was published on securityaffairs.com. Publication date: Sun, 19 May 2024 12:43:06 +0000