Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated

Posted from: Click here for the full article.

留言

發佈留言

此網誌的熱門文章

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code Posted from: Click here for the full article .
閱讀更多

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. "Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days," Posted from: Click here for the full article .
閱讀更多

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerability in the Microsoft Management Console (MMC) framework (CVE-2025-26633, aka MSC EvilTwin) to trigger Posted from: Click here for the full article .
閱讀更多