Microsoft has released the April 2021 Security updates that includes patches for 114 vulnerabilities, 19 of those rated Critical. The updates also include fixes for multiple Microsoft Exchange flaws that have a higher likelihood of being exploited.
Google has released Chrome 89 security update 89.0.4389.128) for Windows, Mac and Linux with fixes for 2 vulnerabilities exploited in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) has published reports on DearCry ransomware and China Chopper Web Shell malware linked to recent Exchange Server exploits. Attackers can use this malware to further compromise on-premise Microsoft Exchange servers and launch other attacks.
Cisco has patched multiple vulnerabilities in Cisco SD-WAN, Small Business routers, Unified Communications Products and Advanced Malware Protection. Two of those vulnerabilities (CVE-2021-1479, CVE-2021-1459) are rated Critical.
PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.
Security researchers have warned legacy QNAP NAS devices are vulnerable to zero-day cyberattacks. Although QNAP patched two vulnerabilities in recent firmware updates, the company acknowledged patches were not yet available for certain legacy devices.
Security experts from Onapsis and SAP have released a new threat intel report for SAP customers that warns of cyber threat actors targeting unprotected SAP applications.
Cybersecurity experts from the FBI and CISA have issued a joint cybersecurity advisory warning of APT exploits of Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.
Citrix has released patches for Citrix Hypervisor that address two vulnerabilities. If exploited, an attacker could exploit privileged code in a guest VM and cause the host to crash or become unresponsive.
Google has released Chrome 89 security update (89.0.4389.114) for Windows, Mac and Linux with fixes for 8 vulnerabilities.