USN-6618-1: Pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain long text arguments. An attacker could possibly use this issue to cause Pillow to consume resources, leading...
Rust Payloads Exploiting Ivanti Zero-Days Linked to Sophisticated Sliver Toolkit
After analyzing the 12 Rust payloads exploiting Ivanti ConnectSecure vulnerabilities, Synacktiv found they all enabled a sophisticated post-exploitation toolkit Read More
USN-6617-1: libde265 vulnerabilities
It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially...
Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth
New data from Corvus found that ransomware incidents rose by 68% in 2023 compared to 2022, but law enforcement takedowns led to a fall in...
USN-6587-3: X.Org X Server regression
USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. We apologize for the...
USN-6616-1: OpenLDAP vulnerability
It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue...
USN-6615-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.36...
NSA Buying Bulk Surveillance Data on Americans without a Warrant
It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal,...
DarkGate malware delivered via Microsoft Teams – detection and response
Executive summary While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a...
USN-6614-1: amanda vulnerability
It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation...