An attacker has been targeting unpatched AT&T network edge devices via a brand new botnet dubbed EwDoor.
A security researcher has discovered a zero-day vulnerability CVE-2021-24084 in Windows Mobile Device Management that could allow information disclosure and local privilege escalation (LPE).
VMware has patched arbitrary file read and SSRF vCenter Server vulnerabilities (CVE-2021-21980, CVE-2021-22049) that affect VMware vSphere Web Client.
Bad actors have been exploiting a previously patched Windows Installer zero-day privileged escalation vulnerability CVE-2021-41379.
The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.
GitHub has fixed two node package manager (npm) registry vulnerabilities, one of those could allow an attacker to publish new versions of an npm package without proper authorization.
Iranian state-sponsored advanced persistent threat (APT) actors have been targeting and exploiting Microsoft Exchange and Fortinet vulnerabilities.
Google has released Chrome 96 security update (96.0.4664.45) for Windows, Mac and Linux with fixes for multiple High risk vulnerabilities.
Palo Alto Networks has fixed a Critical PAN-OS vulnerability (CVE-2021-3064) in GlobalProtect Portal and Gateway Interfaces.
VMware has issued a security fix for a VMware Tanzu Application Service for VMs vulnerability CVE-2021-22101.