0-day And Hitlist Week -06-12-2024-

This week highlights a dangerous trend: Attackers are targeting the "connective tissue" of the enterprise.

The To-Do List:

Stay safe, stay patched.

Disclaimer: This post is for informational purposes only. Always verify patches in a test environment before deploying to production.

CVE: CVE-2023-22527 Status: Explosion in Activity Despite being disclosed in early 2024, scanning for this template injection vulnerability has spiked by 300% this week. Ransomware groups are specifically targeting unpatched Confluence instances to deploy encryptors. 0-day and Hitlist Week -06-12-2024-

A legacy 0-day re-emerged. Researchers published a bypass for a 2012 PHP vulnerability (CVE-2012-1823), now tracked as CVE-2024-4577.

Date: June 12, 2024 Focus: Active Exploits, Zero-Day Vulnerabilities, and Critical Intelligence This week highlights a dangerous trend: Attackers are

As we pass the midpoint of June 2024, the cybersecurity landscape is witnessing a sharp uptick in activity. This week’s bulletin highlights critical zero-day vulnerabilities currently being exploited in the wild and updates the "Hitlist"—a roster of the most targeted vulnerabilities currently facing enterprise environments.

Security teams are advised to prioritize patching and mitigation for the following issues immediately. The To-Do List:

CVE: CVE-2024-37079 Severity: Critical

VMware released urgent patches addressing a heap overflow vulnerability in the DCERPC protocol implementation.