-
Adobe Releases Patches for Critical ColdFusion Vulnerabilities
In light of recently disclosed vulnerabilities, Adobe has issued a second series of patches for its ColdFusion platform, covering flaws believed to have been exploited in cyber-attacks. On July 11, Adobe addressed CVE-2023-29298, an access control problem that could allow security features to be bypassed. Three days later, the company rolled out fixes for CVE-2023-38203, a deserialization…
-
Cisco Releases Security Updates for Critical Vulnerabilities in Expressway Series and TelePresence VCS
Cisco has released critical software updates to address multiple vulnerabilities discovered in the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). According to the advisory published by Cisco on June 7, 2023, these vulnerabilities could allow an authenticated attacker with Administrator-level read-only credentials to escalate their privileges to Administrator with read-write credentials on…
-
Microsoft’s May 2023 Security Patch Addresses Critical Vulnerabilities, With Several Rated “Exploitation More Likely”
Microsoft has released its monthly security patch for May 2023, addressing several critical vulnerabilities across its products. Among the 40 vulnerabilities addressed in this update, some have been classified as “Exploitation More Likely” due to the higher possibility of being targeted by cybercriminals. This article will focus on these high-risk vulnerabilities and provide a summary…
-
WASM Vulnerability in Trust Wallet Leads to $170,000 Loss
Trust Wallet, a leading cryptocurrency wallet provider, has publicly disclosed details regarding a WebAssembly (WASM) vulnerability that affected its open-source library, Wallet Core. The vulnerability, which specifically impacted wallets created in Trust Wallet’s Browser Extension between November 14 and 23, 2022, was detected and patched within one day of its discovery in November 2022. The…
-
Google Chrome Releases Patch to Address Another Zero-Day Vulnerability
Google has announced an update to the stable and extended stable channels of its Chrome browser for desktop. The update includes version 112.0.5615.137/138 for Windows, 112.0.5615.137 for Mac, and 112.0.5615.165 for Linux. The rollout of these updates is expected to occur over the coming days and weeks, as noted in the official Chrome Releases blog…
-
Google Chrome Update Patches High-Severity Zero-Day Exploit: CVE-2023-2033
Google has released an important update for its Chrome browser to address a high-severity type confusion vulnerability in the browser’s V8 engine. The flaw, designated as CVE-2023-2033, affected versions of Google Chrome prior to the latest release, version 112.0.5615.121. The vulnerability was described by the National Institute of Standards and Technology (NIST)…
-
Critical Exploitation Path Uncovered in Microsoft Azure Shared Key Authorization by Orca Security Researchers
Researchers at Orca Security have uncovered a critical exploitation path involving Microsoft Azure Shared Key authorization, which could lead to subscription privilege escalation and remote code execution (RCE). In a blog post published on April 11, 2023, Orca Security detailed their discovery and the potential impact it may have on organizations utilizing Microsoft Azure’s cloud…
-
Cisco Patches Critical Command Injection Vulnerabilities in Key Network Products
On April 5, 2023, Cisco issued an urgent security advisory to address multiple command injection vulnerabilities identified in several of its key products: the Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. These vulnerabilities could be exploited by an authenticated, local attacker to bypass the restricted shell and…
-
Apple Issues Urgent Update to Fix Actively Exploited iOS Zero-Days
Cupertino, California – Apple has urgently released a major security update to address two zero-day vulnerabilities that were already being exploited in the wild. The company announced the rollout of the iOS 16.4.1 and iPadOS 16.4.1 updates, which include fixes for software flaws that could have exposed iPhone and iPad users to arbitrary code execution…