Hosted on MSN

Hackers exploit zero-day Common Log File System vulnerability to plant ransomware

Microsoft said it observed a threat actor known as Storm-2460 abuse a use after free flaw in Windows Common Log File System Driver The flaw is used to deploy PipeMagic, which is then used to deliver ...
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.