The critical-severity unauthenticated remote code execution flaw is now being actively exploited, according to CISA.
Attackers are eyeing known vulnerabilities in the Zimbra collaboration suite to target government and private sector organizations.
The flaws could lead to denial-of-service attacks, information disclosure, privilege escalation, and in some cases, code execution.
Weeks after the disclosure of the vulnerability (CVE-2022-29464) in WSO2 products, attackers are leveraging the flaw to install Linux-compatible Cobalt Strike beacons, cryptocurrency miners and more.
Cisco has patched a flaw in IOS XR that can allow an attacker to write arbitrary files to the Redis instance.