Category Archives: Vulnerabilities

Critical vulnerabilities in Microsoft Edge Chromium and Google Chrome browsers

A vulnerability (CVE-2021-21193) was detected in the Chromium Blink engine that allows malicious users to execute arbitrary code, gain unauthorized access, access sensitive information, or cause a denial of service. Microsoft and Google have published the following versions to patch this exploited vulnerability:
• Edge Chromium 89.0.774.54
• Google Chrome 89.0.4389.90
More information can be found at https://securityaffairs.co/wordpress/115600/security/google-chrome-0-day.html Source: […]

Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities

Abnormal activity on Microsoft Exchange servers was detected in January 2021. In particular, an attacker exploiting a server-side request forgery (SSRF) vulnerability on Microsoft Exchange servers (CVE-2021-26855) could steal the full contents of a single user mailbox. This vulnerability can be exploited remotely and does not require authentication of any kind, nor does it require special […]

Critical WordPress Plugin Flaw Allows Site Takeover

A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws. Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, […]

Alert (AA20-352A)

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, […]

CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws. A low-level TCP/IP software library, the Treck TCP/IP stack […]