CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
Google Cloud addresses medium-severity security flaw! Attackers with Kubernetes cluster access could escalate privileges.
WordPress version 6.4.2 fixes a vulnerability that could allow attackers to execute arbitrary PHP code.
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
VMware raises the alarm about an unpatched security flaw (CVE-2023-34060) in Cloud Director, which could allow attackers to bypass authentication.
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
Risk of ‘significant data loss’ for on-prem customers
Apple has released security updates for its phones, iPads, Macs, watches and TVs.
Over the weekend rumours circulated on social networks of an unpatched security hole in the Signal messaging app that could allow a remote hacker to seize control of your smartphone.
Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023.
Atlassian releases patch for a new zero-day vulnerability (CVE-2023-22515) in Confluence, risking admin account breaches on Data Center and Server.
Dubbed Looney Tunables by cybersecurity researchers at Qualys, the vulnerability resides within the GNU C Library's dynamic loader.
Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software.
Cisco discloses a new vulnerability (CVE-2023-20109) in IOS Software and IOS XE Software with the potential for remote code execution.
In computer security, what are CVE identifiers and CVSS ratings worth? - LinuxFr.org