ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution
Threat actors could exploit the flaw to take complete control of the ConnectWise platform
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Threat actors could exploit the flaw to take complete control of the ConnectWise platform
The high-severity vulnerability refers to a heap buffer overflow in the GPU component
The discovered vulnerabilities could have been exploited to target almost 1000 systems
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. [...]
Massive growth in cloud use has increased the enterprise attack surface. Addressing the risks with specialized point solutions is unwieldy, complex and can leave vulnerability gaps—driving many companies to seek a unified cyber security platform.
Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend.
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.
A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks. [...]
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa
As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application.
Datadog security researchers found the flaw before miscreants did Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. …
Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. [...]
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities