Threat Alert Center
Be the first to know about the latest vulnerabilities, attack campaigns, and highly impactful threat actor activity. Our threat advisories and bulletins provide detailed and easy to understand security guidance about current security issues, vulnerabilities, and exploits.
Ivanti Connect Secure/Policy Secure CVE-2023-46805, CVE-2024-21887 Combine for Unauthenticated RCE, and following CVEs discovered over time
Written by the Kudelski Security Threat Detection & Research Team (updated on 2024.02.12 by ...
Read MoreCVE-2023-46604 Apache ActiveMQ RCE vulnerability
Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team Summar...
Read MoreF5 BIG-IP Unauthenticated RCE via HTTP Request Smuggling
Written by Scott Emerson of the Kudelski Security Threat Detection & Research Team Summary R...
Read MoreVMware vCenter Server Out-of-Bounds Write Vulnerability (CVE-2023-34048)
Written by Yann Lehmann with the support of Scott Emerson of the Kudelski Security Threat Detecti...
Read MoreImage I/O & WebP/libwebp Zero-Day Vulnerabilities
Google/Heap Buffer Overflow Vulnerability in WebP (CVE-2023-4863) Written by Michal Nowakowski of...
Read MoreCitrix ADC/Gateway Triple Threat
Written by Eric Dodge and Harish Segar of the Kudelski Security Threat Detection & Research ...
Read MoreCVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability
Written by Yann Lehmann and Harish Segar of the Kudelski Security Threat Detection & Researc...
Read MoreCVE-2023-33308 – Critical Remote Code Execution (RCE) on FortiOS/FortiProxy
Written by Eric Dodge and Harish Segar of the Kudelski Security Threat Detection & Research ...
Read MoreCVE-2023-27997 – Pre-Authentication RCE on FortiGate SSL-VPN
Written by Harish Segar and Scott Emerson of the Kudelski Security Threat Detection & Resear...
Read More3CX Supply Chain Attack ‘SmoothOperator’
Written by Anton Jörgensson, Eric Dodge & Yann Lehmann of the Kudelski Security Threat Detec...
Read MoreCVE-2023-23397 – Microsoft Outlook Privilege Elevation Critical Vulnerability
Written by Lina Jiménez Becerra, Anton Jörgensson and Mark Stueck of the Kudelski Security Threat...
Read MoreCVE-2023-27532 – Veeam Backup & Replication Vulnerability Exposes Stored Credentials, No Auth Necessary
Written by Mark Stueck and Scott Emerson of the Kudelski Security Threat Detection & Re...
Read MoreRansomware as a Service – Nevada Ransomware campaign targeting VMWare ESXi servers
Written by Michal Nowakowski of the Kudelski Security Threat Detection & Research Team UPDAT...
Read MoreLinux Kernel ksmbd Remote Code Execution Vulnerability
Note: This bulletin was written by Eric Dodge of the Kudelski Security Threat Detection & Re...
Read MoreActive exploitation of Citrix ADC and Gateway Critical Remote Code Execution Vulnerability by Suspected Chinese APT5 (CVE-2022-27518)
Written by Harish Segar of the Kudelski Security Threat Detection & Research Team Summary On...
Read More