Siemens has issued patches after a set of 13 vulnerabilities was discovered in the Nucleus TCP/IP stack.
A known, critical-severity flaw in ManageEngine ADSelfService Plus is under attack by bad actors who are leveraging it to execute a novel credential-theft tool on victims' networks.
Some proof-of-concept exploits have begun circulating for CVE-2021-40444 and no patch is yet available.
Attackers are exploiting an authentication bypass flaw in Zoho's ManageEngine ADSelfService Plus password management app.
Researchers uncovered a flaw in macOS that could allow attackers to access permissions, like screen recording, on victim devices - without their approval.