Researchers Warn of New Microsoft Office 0-Day Vulnerability “Follina”

Nao_Sec cybersecurity researchers state the “odd-looking” MS Word document was uploaded on VirusTotal from a Belarus IP address. Independent cybersecurity research group Nao_Sec has revealed startling details of a new…

Latest Update for Google Chrome Fixes Actively Exploited 0-day Flaw

One of the two security vulnerabilities identified in the Google Chrome web browser was reportedly being actively exploited in the wild. On Thursday, Google released emergency fixes for the Chrome…

Virginia Reeling from Ransomware

Virginia Reeling from Ransomware Virginia is fighting cyber-fires on two fronts after ransomware attacks affected both its state legislature and an agency within its executive branch.  In an attack that struck on…

Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score). The source of the vulnerability is Log4j,…

Security company offers Log4j 'vaccine' for systems that can't be updated immediately

For those unable to patch the Apache Log4Shell vulnerability, cybersecurity firm Cybereason has released what they called a “fix” for the 0-day exploit. Cybereason urged people to patch their systems…

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Apache has released Log4j version 2.15.0 to address the critical RCE vulnerability and users are urged to apply the update immediately. The Apache Foundation’s Log4j is a widely used open-source…

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” An excruciating, easily exploited flaw in the ubiquitous…

SMA 100 flaws in SonicWall VPN expose devices to remote takeover

If exploited, an unauthenticated, remote attacker can execute code as a “nobody user” in the device meaning attacker would get root access and gain full control of the device. SonicWall,…

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks. A threat actor has been…

Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day

There has been considerable debate within the cybersecurity community about Randori, a security firm that waited one year before disclosing a critical buffer overflow bug it discovered in Palo Alto…