Categoria: exploited

45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation

Shadowserver Foundation has seen 45,000 Jenkins instances affected by CVE-2024-23897, which may already be exploited in attacks.

The post 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation appeared first on SecurityWeek.

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet

Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet.

The post Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet appeared first on SecurityWeek.

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed.

The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure appeared first on SecurityWeek.

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half.

The post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 appeared first on SecurityWeek.

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases

The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list.

The post Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases appeared first on SecurityWeek.

VMware vCenter Server Vulnerability Exploited in Wild

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild.

The post VMware vCenter Server Vulnerability Exploited in Wild appeared first on SecurityWeek.

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549.

The post Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation appeared first on SecurityWeek.

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech.

The post Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins appeared first on SecurityWeek.

CISA Urges Patching of Exploited SharePoint Server Vulnerability

CISA has added a critical Microsoft SharePoint Server flaw (CVE-2023-29357) to its Known Exploited Vulnerabilities catalog.

The post CISA Urges Patching of Exploited SharePoint Server Vulnerability appeared first on SecurityWeek.

CISA Warns of Apache Superset Vulnerability Exploitation

CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog.

The post CISA Warns of Apache Superset Vulnerability Exploitation appeared first on SecurityWeek.