Oracle October 2023 Critical Patch Update Addresses 176 CVEs
October 18, 2023Oracle addresses 176 CVEs in its fourth quarterly update of 2023 with 387 patches, including 46 critical updates.
CVE-2023-4966: Citrix NetScaler ADC and NetScaler Gateway Information Disclosure Exploited in the Wild
October 18, 2023A critical information disclosure vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway has been exploited in the wild as a zero-day vulnerability. Organizations are urged to patch immediately.
CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild
October 16, 2023A maximum severity CVSS 10 zero-day vulnerability in Cisco IOS XE has been exploited in the wild. Organizations should apply the mitigation steps from Cisco as soon as possible until patches are released.
Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)
October 10, 2023Microsoft addresses 103 CVEs including two vulnerabilities that were exploited in the wild.
CVE-2023-38545, CVE-2023-38546: Frequently Asked Questions for New Vulnerabilities in curl
October 4, 2023Frequently asked questions relating to two vulnerabilities patched in curl version 8.4.0
MrBeast Scams: Verified Accounts, DeepFakes Used in Impersonations to Promote Fake Giveaways on YouTube and TikTok
October 4, 2023MrBeast, the most popular YouTube creator as of October 2023, has been impersonated in a variety of scams on YouTube and TikTok, including a recent deepfake promoting a free iPhone giveaway
CVE-2023-22515: Zero-Day Vulnerability in Atlassian Confluence Data Center and Server Exploited in the Wild
October 4, 2023A critical zero-day vulnerability in Atlassian Confluence Data Center and Server has been exploited in the wild in a limited number of cases. Organizations should patch or apply the mitigation steps as soon as possible.
CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
October 2, 2023Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10
CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities
September 27, 2023Frequently asked questions relating to vulnerabilities in Apple, Google and the open source libwebp library.
CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
September 27, 2023A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.
Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)
September 12, 2023Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild
CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups
September 11, 2023Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled.