Ivanti Connect Secure attacks part of deliberate espionage operation

Researchers warn the previously unknown actor has developed custom malware designed to maintain persistent access on targeted networks and evade detection.

By David Jones • Jan. 12, 2024

Ivanti Connect Secure devices face active exploitation, patch schedule staggered

Unauthenticated attackers can take control of systems by exploiting the zero days, which a suspected state-linked threat actor is chaining together. 

By David Jones • Jan. 11, 2024

Apache OFBiz critical CVE leads to surge in exploitation attempts

A patch for a prior vulnerability failed to resolve the root cause of an issue, leading to additional threat activity.

By David Jones • Jan. 5, 2024

CISA seeks comment on secure by design principles to boost global software security

The agency issued an RFI seeking industry input on costs, how to incorporate security into higher education and how to reduce recurring security vulnerabilities.

By David Jones • Dec. 21, 2023

Comcast’s Xfinity discloses massive data breach linked to CitrixBleed vulnerability

The breach, involving 35.9 million customers, took place just a week after Citrix released a patch for a critical flaw.

By David Jones • Dec. 19, 2023

State-linked cyber actors behind SolarWinds plant seeds for new malicious campaign

U.S. authorities are raising alarms that the 2020 Sunburst attack threat actors are exploiting a CVE in JetBrains TeamCity in preparation for future supply chain compromises.

By David Jones • Dec. 15, 2023

CitrixBleed isn’t going away: Security experts struggle to control critical vulnerability

While officials echo urgent mitigation steps to contain the zero-day vulnerability, high-profile organizations continue to bear the impact.

By David Jones • Dec. 14, 2023

2 years on, Log4j still haunts the security community

Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions. 

By David Jones • Dec. 8, 2023

Progress Software discloses 2 new CVEs in MOVEit

The latest set of vulnerabilities in the file-transfer service brings the total number of disclosed CVEs to eight since a zero-day was widely exploited in late May.

By Matt Kapko • Dec. 7, 2023

CISA performance goals program trims exploited CVEs

Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.

By David Jones • Dec. 6, 2023

Dozens of credit unions confront outages linked to third-party ransomware attack

CitrixBleed ensnared another industry, leading to a network incident at Ongoing Operations, which provides business continuity services.

By Matt Kapko • Dec. 4, 2023

Yet again, threat actors exploit a critical file-transfer service CVE

File-transfer services are prime targets and vulnerabilities in the open source ownCloud mark the latest in a series of critical services under attack.

By Matt Kapko • Updated Dec. 1, 2023

CitrixBleed worries mount as nation state, criminal groups launch exploits

LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

By David Jones • Nov. 22, 2023

5 Juniper CVEs actively exploited in the wild

The vendor warned the Junos OS vulnerabilities can be chained to remotely execute code.

By Matt Kapko • Nov. 15, 2023

File-transfer services, rich with sensitive data, are under attack

A trio of supply-chain attacks in 2023 created turmoil for thousands of corporate victims and their customers.

By Matt Kapko • Nov. 14, 2023

CitrixBleed sparks race to patch, hunt for malicious activity

CISA urged organizations to patch, mitigate and report any positive findings as Citrix NetScaler ADC and NetScaler Gateway users remain exposed to session hijack.

By David Jones • Nov. 8, 2023

Atlassian Confluence customers confront pair of critical vulnerabilities

Back-to-back vulnerabilities in the enterprise content collaboration and management workspace remain under active attack by threat actors.

By Matt Kapko • Nov. 7, 2023

CISA targets software identification in push to boost supply chain security

The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

By David Jones • Oct. 27, 2023

Citrix urges NetScaler ADC, Gateway customers to patch

The company warned of session hijacking and targeted attacks against a critical vulnerability.

By David Jones • Oct. 24, 2023

Cisco urges IOS XE customers to patch as thousands of devices remain infected

The company released enhanced guidance after security researchers were temporarily unable to detect exploited devices.

By David Jones • Oct. 24, 2023

Microsoft extends security log retention following State Department hacks

Government and private sector customers will be able to search cloud data records for malicious threat activity by default.

By David Jones • Oct. 23, 2023

Cisco releases security fix for widely-exploited IOS XE software vulnerability

An unidentified threat actor is linked to attacks dating back to mid-September, resulting in about 42,000 exploited devices.

By David Jones • Updated Oct. 23, 2023

Critical flaw in JetBrains TeamCity exploited weeks after patch issued

State-linked actors are targeting the CI/CD platform, and the vendor warns backdoors are lingering undetected.

By David Jones • Oct. 20, 2023

Almost 42K Cisco IOS XE devices exploited, no patch available

Security researchers warn the number of infected hosts grew after a critical zero-day vulnerability was found.

By David Jones • Oct. 19, 2023

Citrix Netscaler patch for critical CVE bypassed by malicious hackers

Citrix issued the patch on Oct. 10 for critical vulnerabilities in Netscaler ADC and Netscaler Gateway, but Mandiant is urging users to terminate all sessions.

By David Jones • Updated Oct. 19, 2023