Category Archives: Vulnerabilities

Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows. Tracked as CVE-2021-22907, the vulnerability could be exploited by local attackers to escalate their privileges to SYSTEM level. All supported versions of Citrix Workspace app for Windows are affected by the security hole. The issue, […]

Vulnerability detected (CVE-2021-21193) on Chromium Blink Engine that allows malicious users to execute arbitrary code, gain unauthorized access, access sensitive information, or deny service (denial -of-service). Microsoft and Google have published the following versions to patch these exploited vulnerabilities: • Edge Chromium 89.0.774.54 • Google Chrome 89.0.4389.90 More information can be found at https://securityaffairs.co/wordpress/115600/security/google-chrome-0-day.html Source: […]

Abnormal activity on Microsoft Exchange servers was detected in January 2021. In particular, an attacker exploiting a manually compromised vulnerability (SSRF) on Microsoft Exchange servers (CVE-2021-26855) could steal the full contents of a single user mailbox. This vulnerability can be exploited remotely and does not require authentication of any kind, nor does it require special […]

A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws. Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, […]

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, […]