Drupal has released security updates that fix a Critical XSS bug and 4 other vulnerabilities in multiple versions of Drupal. A remote attacker could exploit these vulnerabilities to compromise an affected system.
Apple has released security updates to address vulnerabilities in iOS 14.0, iPadOS 14.0, watchOS 7.0, Safari 14.0, tvOS 14.0 and Xcode 12.0. Apple also added new Privacy features for iOS 14.0.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a new security advisory warning of publicly available exploit code for a Microsoft Netlogon vulnerability CVE-2020-1472. Researchers have dubbed the vulnerability 'Netlogon' that could allow attackers to hijack Windows domain controllers.
Chinese Ministry of State Security (MSS)-affiliated cyber threat actors are targeting U.S. government agencies, as well as exploiting four popular vulnerabilities over the past 12 months.
Palo Alto Networks has fixed a Critical buffer overflow vulnerability that could allow an attacker to execute remote code as root on PAN-OS devices, along with multiple other High severity issues.
Microsoft has released the September 2020 Security updates that includes patches for 129 vulnerabilities, 24 of them rated Critical. Adobe also released updates for Experience Manager, Framemaker and InDesign.
Google has released Chrome 85.0.4183.102 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.
Developers have updated the WordPress plugin File Manager to fix a critical vulnerability that could have allowed hackers to gain complete access to nearly 700 thousand WordPress websites.
Cisco issued a security advisory and patch for a new Cisco Jabber software RCE vulnerability CVE-2020-3495, as well as security fixes for multiple other products.
Cisco issued a security advisory warning of a new Cisco IOS XR software zero-day vulnerability CVE-2020-3566 under active exploit in the wild.