March 2024 was another eventful month for vulnerabilities and cybersecurity in general. It was the second consecutive month of lapsed Common Vulnerability Exposure (CVE) enrichment putting defenders in a precarious position with reduced risk visibility. The Linux kernel continued its elevated pace of vulnerability disclosures and was commissioned as a new CVE Numbering Authority (CNA). […]
In February 2024, Microsoft issued a security alert for a total of 73 security vulnerabilities. The batch included 6 critical severity vulnerabilities, 52 rated as high severity, and 15 as medium severity vulnerabilities. 30 of them are remote code execution vulnerabilities [T1210] and 16 are privilege escalation [TA0004] exploits. From that group, three stand out […]
Six high severity vulnerabilities in Atlassian Confluence have been disclosed over the past few months making it imperative for its users to upgrade with urgency. Of these, the most severe, CVE-2023-22527 has been added to CISA’s KEV (Known Exploited Vulnerabilities). Collectively, the recently disclosed vulnerabilities range in severity from CVSS 7.5 (High) to 10 (Critical). […]
