Category Archives: Vulnerabilities

Abnormal activity on Microsoft Exchange servers was detected in January 2021. In particular, an attacker exploiting a manually compromised vulnerability (SSRF) on Microsoft Exchange servers (CVE-2021-26855) could steal the full contents of a single user mailbox. This vulnerability can be exploited remotely and does not require authentication of any kind, nor does it require special […]

A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws. Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, […]

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, […]

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws. A low-level TCP/IP software library, the Treck TCP/IP stack […]

Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest versions of its HPE Systems Insight Manager (SIM) software for Windows and Linux.HPE SIM is a managementand remote support automation solution for multiple HPE solutions, including servers, storage, and networking products.The flaw stems from the lack of proper validation […]