The Cybersecurity and Infrastructure Security Agency (CISA) has added one Zimbra vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence that cyber criminals are actively exploiting the vulnerabilities.
Cisco has released a Critical security update for three vulnerabilities in Small Business RV Routers. An unauthenticated, remote attacker could execute arbitrary code or cause a denial of service (DoS) condition on an unpatched device.
F5 has released fixes for 12 High severity vulnerabilities that affect BIG-IP and BIG-IQ products.
Google has released Chrome 104.0.5112.79 (Mac/Linux) and 104.0.5112.79/80/81 (Windows), with fixes for 27 vulnerabilities (7 rated High severity). Additionally, Google also published new Chrome security updates for iOS and Android.
Knotweed threat actors have exploited Microsoft and Adobe 0-day vulnerabilities in targeted attacks against European and Central American customers. The actors also developed Subzero malware used in these attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to its Known Exploited Vulnerabilities Catalog.
Samba has released software updates to fix five vulnerabilities in multiple Samba software products. One of the fixed issues could allow Samba AD users to forge password change requests for any user.
PrestaShop websites are reported vulnerable to a major SQL Injection vulnerability (tracked as CVE-2022-36408) and have been exploited in the wild since July 2022.
Cisco has released a Critical severity security advisory for three Nexus Dashboard unauthorized access vulnerabilities.
Oracle has released its Critical Patch Update for July 2022 to include 349 vulnerability fixes across multiple products. The updates also include fixes for Log4j and Spring Framework vulnerabilities.
