Vulnerability Risk Service

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said.

https://t.co/EEGhMBQqSQ

Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.

https://t.co/5RtiyePHYe

Adobe has released security patches tackling four critical vulnerabilities in Adobe Bridge, along with other critical and important-rated updates for bugs in Adobe Digital Editions, Adobe Photoshop and RoboHelp.

https://t.co/It71c94CF3

A researcher has dropped working exploit code for a zero-day remote code execution (RCE) vulnerability on Twitter, which affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework.

https://t.co/4Eq62RYbfw

Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The bug, rated severity 9.8/10, could allow unauthenticated remote users to hijack targeted equipment & gain elevated privileges within effected systems.

https://t.co/gV1wypxVD6

A privilege-escalation vulnerability Microsoft’s Azure Functions cloud container feature could allow a user to escape the container, according to researchers.

https://t.co/qcIWSO8LIt

A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution.

https://t.co/s7yT0SlWpy

Google has released proof-of-concept (PoC) exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites.

https://t.co/Bal8CDda6Z

Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress.

https://t.co/bH2M0lhElg