CISA: Progress Software Releases Security Advisory for MOVEit Transfer
Progress Software Releases Security Advisory for MOVEit Transfer Progress Software has released a security advisory(link is external) for a SQL injection...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
US-CERT Vulnerability Summary for the Week of May 22, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of...
DCVC2 – A Golang Discord C2 Unlike Any Other
This multi operating system compatible tool was created to leverage Discord's voice channels for command and control operations. This tool...
Dell Secure Connect Gateway information disclosure | CVE-2023-28043
NAME__________Dell Secure Connect Gateway information disclosurePlatforms Affected:Dell Secure Connect Gateway 5.14.00.16Risk Level:6.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Dell Secure Connect Gateway could allow a...
Kramer VIA GO² file upload | CVE-2023-33508
NAME__________Kramer VIA GO² file uploadPlatforms Affected:Kramer VIA GO² 3.8.0Risk Level:5.3Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Kramer VIA GO² could allow a remote attacker to...
Dell OS Recovery Tool privilege escalation | CVE-2023-28066
NAME__________Dell OS Recovery Tool privilege escalationPlatforms Affected:Dell OS Recovery Tool 2.2.4013 Dell OS Recovery Tool 2.3.7012.0Risk Level:7.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Dell OS...
Kramer VIA GO² SQL injection | CVE-2023-33509
NAME__________Kramer VIA GO² SQL injectionPlatforms Affected:Kramer VIA GO² 3.8.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Kramer VIA GO² is vulnerable to SQL injection. A...
Atlassian Inline Table Editing application for Confluence cross-site scripting | CVE-2023-33287
NAME__________Atlassian Inline Table Editing application for Confluence cross-site scriptingPlatforms Affected:Atlassian Inline Table Editing application for ConfluenceRisk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Atlassian Inline...
Kramer VIA GO² file disclosure | CVE-2023-33507
NAME__________Kramer VIA GO² file disclosurePlatforms Affected:Kramer VIA GO² 3.8.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Kramer VIA GO² could allow a remote attacker to...
IBM Maximo Application Suite information disclosure | CVE-2023-27861
NAME__________IBM Maximo Application Suite information disclosurePlatforms Affected:IBM Maximo Application Suite 8.8.0 IBM Maximo Application Suite 8.9.0Risk Level:5.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Maximo...
Mitsubishi Electric MELSEC iQ-R default account | CVE-2023-2061
NAME__________Mitsubishi Electric MELSEC iQ-R default accountPlatforms Affected:Mitsubishi Electric MELSEC iQ-F iQ-R SeriesRisk Level:6.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Mitsubishi Electric MELSEC iQ-R contains default...
Mitsubishi Electric MELSEC iQ-R information disclosure | CVE-2023-2060
NAME__________Mitsubishi Electric MELSEC iQ-R information disclosurePlatforms Affected:Mitsubishi Electric MELSEC iQ-F iQ-R SeriesRisk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Mitsubishi Electric MELSEC iQ-R could allow...
IBM Maximo Asset Management information disclosure | CVE-2023-32334
NAME__________IBM Maximo Asset Management information disclosurePlatforms Affected:IBM Maximo Asset Management 7.6.1.2 IBM Maximo Asset Management 7.6.1.3 IBM Maximo Application Suite...
IBM Security Guardium session fixation | CVE-2023-0041
NAME__________IBM Security Guardium session fixationPlatforms Affected:IBM Security Guardium 11.5Risk Level:6.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________IBM Security Guardium 11.5 could allow a user to...
Advantech WebAccss/SCADA code execution | CVE-2023-32628
NAME__________Advantech WebAccss/SCADA code executionPlatforms Affected:Advantech WebAccess/SCADA 9.1.3Risk Level:7.2Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Advantech WebAccss/SCADA could allow a remote attacker to upload arbitrary files,...
Mitsubishi Electric MELSEC iQ-R file upload | CVE-2023-2063
NAME__________Mitsubishi Electric MELSEC iQ-R file uploadPlatforms Affected:Mitsubishi Electric MELSEC iQ-F iQ-R SeriesRisk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Mitsubishi Electric MELSEC iQ-R could allow...
Advantech WebAccss/SCADA code execution | CVE-2023-22450
NAME__________Advantech WebAccss/SCADA code executionPlatforms Affected:Advantech WebAccess/SCADA 9.1.3Risk Level:7.2Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Advantech WebAccss/SCADA could allow a remote attacker to upload arbitrary files,...
IBM Aspera information disclosure | CVE-2023-22862
NAME__________IBM Aspera information disclosurePlatforms Affected:IBM Aspera Connect 4.2.5 IBM Aspera Cargo 4.2.5Risk Level:5.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Aspera Connect 4.2.5 and IBM...
Mitsubishi Electric MELSEC iQ-R information disclosure | CVE-2023-2062
NAME__________Mitsubishi Electric MELSEC iQ-R information disclosurePlatforms Affected:Mitsubishi Electric MELSEC iQ-F iQ-R SeriesRisk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Mitsubishi Electric MELSEC iQ-R could allow...
Advantech WebAccss/SCADA code execution | CVE-2023-32540
NAME__________Advantech WebAccss/SCADA code executionPlatforms Affected:Advantech WebAccess/SCADA 9.1.3Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Advantech WebAccss/SCADA could allow a remote attacker to execute arbitrary code...
Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts
An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico,...
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed. "TrueBot is a downloader trojan botnet that...
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and...
