Infosecurity-magazine.com

SAP Fixes Critical Vulnerability After Evidence of Exploitation

German software company SAP has finally disclosed and fixed a highly critical vulnerability in the NetWeaver Visual Composer development server after evidence of exploitation in the wild. NetWeaver ...
CSOonline

Attackers exploit zero-day RCE flaw in Cleo managed file transfer

The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.
Infosecurity-magazine.com

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

In a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report.
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
Threat Post

Recently-Patched Adobe ColdFusion Flaw Exploited By APT

The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk. An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a ...
Threat Post

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to ...