SEARCH
ColdFusion Exploit Used to Access Federal Agency
In two separate intrusions, attackers exploited a ColdFusion vulnerability (CVE-2023-26360) to compromise an unnamed federal government agency.
Russian Group Targeting Exchange Flaw
Fancy Bear, also known as APT28 and Forest Blizzard, has been targeting a Microsoft Exchange flaw (CVE-2023-23397) against targets in Poland.
VMware Patches Critical Authentication Bypass Bug
The patch is available two weeks after the vulnerability was first disclosed on Nov. 14.
Apple Fixes Two Actively Exploited WebKit Bugs
The bugs (CVE-2023-42916 and CVE-2023-42917) enable sensitive information disclosure and arbitrary code execution.
U.S. and Allies Sanction Kimsuky Actors
The US and several allies have sanctioned eight North Korean nationals, including alleged members of the Kimsuky APT group.