CISA confirms active exploitation of four enterprise software bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities ...
SecurityWeek

Organizations Warned of Exploited Zimbra Collaboration Vulnerability

CISA has expanded the KEV list with exploited vulnerabilities in Zimbra, eslint-config-prettier, Versa Concerto, and Vite ...
Hosted on MSN

Zero-day in file-sharing software leads to RCE, and attacks are ongoing

Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available mitigation, as a zero-day is being actively exploited and ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated.
Dark Reading

Hackers 'Timthumb' Their Noses At Vulnerability To Compromise 1.2 Million Sites

A vulnerability in an obscure WordPress add-on script that was discovered in August is currently being used to compromise more than 1.2 million websites -- and could be easily used to siphon data out ...
Infosecurity-magazine.com

High-Severity Vulnerability Discovered in Popular CMS

A high-severity vulnerability has been discovered in PHPFusion, an open-source content management system (CMS) used by over 15 million websites worldwide to manage and customize their content and ...
Bleeping Computer

600K WordPress sites impacted by critical plugin RCE vulnerability

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. The ...