Apple has released security updates to fix vulnerabilities in iOS 14.5.1, macOS Big Sur 11.3.1, Safari 14.1, watchOS 7.4.1, and other products under active exploit in the wild.
Ivanti has discovered three new Pulse Connect Secure (PCS) Critical vulnerabilities CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900, nearly two weeks after reported active exploits against other PCS vulnerabilities.
Security researchers have discovered a KDC Spoofing Vulnerability in F5 Big-IP CVE-2021-23008. As a result, an attacker could could exploit the vulnerability to bypass authentication and take control of impacted systems.
CISA warned attackers continue to exploit Pulse Connect Secure vulnerabilities. The alert was issued after CISA confirmed malicious activity on public and private entity networks. Additional detection methods were also added on April 30.
Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed "BadAlloc" that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.
Samba has released a software update to fix a vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files. A remote attacker could take advantage of this bug and exploit unpatched systems.
Security researchers from Jamf have uncovered a new strain of mac-based malware dubbed Shlayer that bypasses some of macOS built-in protections to include Gatekeeper, Notarization and File Quarantine.
Apple has released security updates to fix vulnerabilities in iOS 14.5, macOS Big Sur 11.3, Safari 14.1, tvOS 14.5, watchOS 7.4, Xcode 12.5 and other products.
Google has released Chrome 90 security update (90.0.4430.93) for Windows, Mac and Linux with fixes for 9 vulnerabilities.
Security experts from UK's National Cyber Security Centre (NCSC) warned of a new malware strain FlyBot, an Andoid password-stealing malware.