-
Millions of WordPress Sites at Risk from Active Exploitation of Elementor Pro Vulnerability
Cybercriminals are taking advantage of a critical vulnerability in the Elementor Pro plugin used with WordPress, granting them the ability to seize control of sites that utilize WooCommerce. The security flaw, identified by cybersecurity expert Jerome Bruandet from NinTechNet, permits assailants to run any code they choose on the affected system. According to Jerome’s blog,…
-
CISA Issues Urgent Warning on Critical Adobe ColdFusion Vulnerability Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security vulnerability affecting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, indicating evidence of active exploitation. The vulnerability, identified as CVE-2023-26360 (CVSS score: 8.6), enables a threat actor to achieve arbitrary code execution due to an improper access control issue in…
-
Rubrik confirms attack exploiting GoAnywhere zero-day vulnerability
Rubrik, a cloud data management and security provider, has confirmed that it fell victim to an attack exploiting a GoAnywhere zero-day vulnerability. Rubrik was named on the leak website of the ransomware group Cl0p. In early February, Fortra, previously known as HelpSystems, had warned its GoAnywhere managed file transfer software users about a remote code…
-
Microsoft’s Patch Tuesday Addresses Zero-Day Vulnerabilities and Notable Flaws
On this March 2023 Patch Tuesday, Microsoft has released fixes for 74 CVE-numbered vulnerabilities, including two zero-day flaws (CVE-2023-23397, CVE-2023-24880) that are actively exploited by different threat actors. CVE-2023-23397: Microsoft has identified CVE-2023-23397 as a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook. This vulnerability…