Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass

Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor ...
ZDNet

Security warning: New zero-day in the Log4j Java library is already being exploited

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as ...
Threat Post

Critical Cisco Bug in VPN Routers Allows Remote Takeover

Security researchers warned that at least 8,800 vulnerable systems are open to compromise. A critical security vulnerability in a subset of Cisco Systems’ small-business VPN routers could allow a ...
Bleeping Computer

Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug

Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers. The remote code execution (RCE) ...
CSOonline

The Microsoft Exchange Server hack: A timeline

Research shows plenty of unpatched systems remain. Here's how the attacks unfolded, from discovery of vulnerabilities to today's battle to close the holes. On March 2, 2021 Microsoft detected multiple ...
ZDNet

FBI warning: Hackers are targeting this flaw in Zoho ManageEngine ServiceDesk Plus

The FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) are warning about the 'active exploitation' of a bug in Zoho ManageEngine ServiceDesk Plus ...
Forbes

CVE Program Funding Reinstated—What It Means And What To Do Next

Forbes contributors publish independent expert analyses and insights. Kate O’Flaherty is a cybersecurity and privacy journalist. U.S. President Donald Trump has cut funding for the global database of ...