remote code execution

Microsoft fixes three zero-days, eight critical flaws in May Patch Tuesday update

Threats and Risks

Microsoft fixes three zero-days, eight critical flaws in May Patch Tuesday update

One zero-day is being actively exploited

clock 11 May 2022 • 3 min read
SpringShell: Patches released for critical zero-day

Threats and Risks

SpringShell: Patches released for critical zero-day

Initial analysis indicates that the bug may not be as severe as Log4Shell

clock 01 April 2022 • 3 min read
Critical H2 database vulnerability similar to Log4Shell disclosed

Threats and Risks

Critical H2 database vulnerability similar to Log4Shell disclosed

All H2 users should upgrade to the newest version 2.0.206 which is patched for the flaw

clock 11 January 2022 • 3 min read
Cisco fixes three critical bugs in IOS XE software

Threats and Risks

Cisco fixes three critical bugs in IOS XE software

The company says it is not aware of these bugs being exploited in the wild

clock 24 September 2021 • 3 min read
JavaScript NPM library with 3 million weekly downloads exposed apps to hijacking

Threats and Risks

JavaScript NPM library with 3 million weekly downloads exposed apps to hijacking

Pac-Resolver library versions older than 5.0.0 are vulnerable

clock 03 September 2021 • 2 min read
Microsoft Exchange Server: threat actors actively scanning for ProxyShell vulnerability, researchers warn

Threats and Risks

Microsoft Exchange Server: threat actors actively scanning for ProxyShell vulnerability, researchers warn

ProxyShell is a set of three security flaws that have already been addressed by Microsoft, but not all instances are patched

clock 09 August 2021 • 2 min read
Apple releases urgent security patch for zero‑day bug under active attack

Threats and Risks

Apple releases urgent security patch for zero‑day bug under active attack

The bug exists in Webkit, the browser engine which powers the Safari browser across all Apple devices

clock 29 March 2021 • 2 min read
Slack fixes a critical RCE bug in its desktop app

Threats and Risks

Slack fixes a critical RCE bug in its desktop app

The flaw could have allowed attackers to access private conversations, channels, passwords, keys and tokens, and various functions within the app

clock 01 September 2020 • 2 min read
Hackers are mass-scanning the internet to discover Microsoft Exchange servers vulnerable to RCE bug

Threats and Risks

Hackers are mass-scanning the internet to discover Microsoft Exchange servers vulnerable to RCE bug

A patch to fix this bug has already been released by Microsoft

clock 15 April 2020 •
Just 17 per cent of all internet-facing Microsoft Exchange servers are patched against CVE-2020-0688 vulnerability

Threats and Risks

Just 17 per cent of all internet-facing Microsoft Exchange servers are patched against CVE-2020-0688 vulnerability

More than 31,000 Exchange 2010 servers have received no update since 2012

clock 07 April 2020 •
Most read
01

Microsoft warns of massive surge in Linux XorDdos malware usage

23 May 2022 • 3 min read
02

Cyberattack affects Port of London website

24 May 2022 • 2 min read
03

Google Russia to file for bankruptcy after accounts seized

20 May 2022 • 2 min read
04

Application security: shift-left is necessary but insufficent

20 May 2022 • 4 min read
05

Full steam ahead for new Trainline CTO Milena Nikolic

24 May 2022 • 4 min read