April 2024 has compounded another record breaking month for CVE disclosure on top of the last. In this month’s threat tracking report we will investigate several new actively exploited vulnerabilities and quickly review the cyber breach of US R&D giant MITRE. The report will also uncover how end-of-life (EOL) products can have a detrimental impact […]
March 2024 was another eventful month for vulnerabilities and cybersecurity in general. It was the second consecutive month of lapsed Common Vulnerability Exposure (CVE) enrichment putting defenders in a precarious position with reduced risk visibility. The Linux kernel continued its elevated pace of vulnerability disclosures and was commissioned as a new CVE Numbering Authority (CNA). […]
In February 2024, Microsoft issued a security alert for a total of 73 security vulnerabilities. The batch included 6 critical severity vulnerabilities, 52 rated as high severity, and 15 as medium severity vulnerabilities. 30 of them are remote code execution vulnerabilities [T1210] and 16 are privilege escalation [TA0004] exploits. From that group, three stand out […]
Six high severity vulnerabilities in Atlassian Confluence have been disclosed over the past few months making it imperative for its users to upgrade with urgency. Of these, the most severe, CVE-2023-22527 has been added to CISA’s KEV (Known Exploited Vulnerabilities). Collectively, the recently disclosed vulnerabilities range in severity from CVSS 7.5 (High) to 10 (Critical). […]
