Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. [...]
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. [...]
Operators Exploit Flaws in Data Analytics Platform to Access Corporate NetworksOperators of a new ransomware strain dubbed Cactus are using critical vulnerabilities in a data analytics platform to gain access to corporate networks. Cactus ransomware operators are also getting an assist from deploying Danabot malware that is distributed through malvertising.
Two CVEs can be abused to steal sensitive info or execute code Apple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack.…
Exploits bypass most secure boot solutions from the biggest chip vendors Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.…
Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection
Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. [...]
A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments
BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets Multiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby miscreant to impersonate other devices and intercept data.…
A vulnerability in the file server and collaboration platform earned a 10 in severity on the CVSS, allowing access to admin passwords, mail server credentials, and license keys.
Hunters’ Team Axon said the flaw could lead to the unauthorized access of emails in Gmail and more
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts
Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments. [...]
Google says the issue has to do with organizations ensuring they implement least-privilege principles.
Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges
IoT Hackers Could Inject Data to Fool 'Smart' Farmers and Vets About Animal WelfareNot even dairy cows appear to be safe from internet of things flaws, researchers report after reverse-engineering health-monitoring collars for cows and finding they could eavesdrop on and alter data. Once addressed by the manufacturer, they said the non-updateable collars would have to be replaced.