Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.
Threat actors from the suspected North Korean APT group Kimsuky breached a South Korean atomic research institute via a VPN vulnerability.
Juniper Networks has released an out-of-cycle emergency patch that fixes a "FragAttack" WiFi vulnerability in Juniper Networks Mist Access Points (APs).
Cisco has patched multiple vulnerabilities in HyperFlex HX, Cisco SD-WAN, Small Business routers and other network products. Two of the advisories are rated Critical.
Ivanti has discovered three new Pulse Connect Secure (PCS) Critical vulnerabilities CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900, nearly two weeks after reported active exploits against other PCS vulnerabilities.
Security researchers have discovered a KDC spoofing vulnerability in F5 Big-IP, CVE-2021-23008. An attacker could exploit the vulnerability to bypass authentication and take control of impacted systems.
CISA warned attackers continue to exploit Pulse Connect Secure vulnerabilities. The alert was issued after CISA confirmed malicious activity on public and private entity networks. Additional detection methods were also added on April 30.
Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed "BadAlloc" that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new analysis report on Supernova malware used in a cyberattack and long-term compromise of an entity's network and SolarWinds systems.
SonicWall has released urgent patches for Critical Email Security product zero-day vulnerabilities CVE-2021-20021, CVE-2021-20022 and CVE-2021-20023.