Oracle has released its Critical Patch Update for January 2019 to include 284 vulnerability fixes across multiple products. Oracle continues to receive reports of remote attackers attempting to maliciously exploit unpatched vulnerabilities.
Attackers are using a variant of the infamous Mirai IoT botnet dubbed “Miori” to exploit a Remote Code Execution (RCE) vulnerability in ThinkPHP, a free open-source PHP framework.
A security researcher going by the name of SandboxEscaper has published online a new proof-of-concept (POC) for a new zero-day vulnerability that impacts Windows systems.
The critical zero-day “Scripting Engine Memory Corruption” vulnerability (CVE-2018-8653) is being actively exploited on Windows systems by hackers.
Cisco has patched a vulnerability in the authorization subsystem of Cisco’s Adaptive Security Appliance (ASA)Software that could allow an authenticated, unprivileged remote attacker perform privileged actions by using the ASA web management interface.