vulnerabilitiesCVE-2024-43451 and other reasons to update ASAP
Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.
Editorial Team
Kaspersky Daily blog editorial team
26 articles
LinuxMalicious code discovered in Linux distributions
A backdoor implanted into XZ Utils has found its way into popular Linux distributions.
Glibc library vulnerability published
A vulnerability in the glibc library affects most major Linux distributions.
CVE-2017-11882: five years of exploitation
It means that some companies still have not installed MS Office patches that were published 5 years ago.
Band-aid on a… corpse: Microsoft patches IE — again
July Microsoft Patch Tuesday: a collection of exploited vulnerabilities.
gamersMinecraft players under attack
Minecraft mods downloaded from several popular gaming websites contain dangerous malware. What we know so far.
CVE-2023-28252 zero-day vulnerability in CLFS
Kaspersky experts discover a CLFS vulnerability being exploited by cybercriminals.
supply chainSupply-chain attack on 3CX clients
Cybercriminals are attacking 3CX VoIP telephony software users via trojanized applications.
Microsoft planning to block outdated Exchange servers
Microsoft plans to throttle and block email from vulnerable Exchange servers to Exchange Online.
Newly-discovered Signal vulnerabilities — how dangerous are they?
Researchers have found vulnerabilities in the desktop client of the Signal messenger. Let’s see how dangerous they really are.
Vulnerability in Zimbra exploiting ITW
Servers with the Zimbra Collaboration suit installed are being attacked via an archive unpacking tool.
Patches for 64 vulnerabilities in Microsoft products released
It’s time to update! Microsoft patches 64 vulnerabilities in a variety of products and components — from Windows and Office to Defender and Azure.
DogWalk and other vulnerabilities
Microsoft has released patches for more than 140 vulnerabilities, some of which need to be closed as soon as possible.
Follina: office documents as an entrance
New vulnerability CVE-2022-30190, aka Follina, allows exploitation of Windows Support Diagnostic Tool via MS Office files.
DHS recommends patching VMware, probably you should too
The Department of Homeland Security is urging US federal agencies to “patch or remove” a list of VMware products within five days. Probably you should do it too.
Actively exploited vulnerability in Windows
Time to update Windows! Microsoft has released patches for several dozen vulnerabilities, one of which cybercriminals are actively exploiting.
A bunch of vulnerabilities in Windows, one already exploited
Microsoft patches 128 vulnerabilities in a list of products, including Windows and its components.
Spring4Shell: critical vulnerability in Spring Java framework
Researchers found critical vulnerability in Spring, a popular Java framework. Here’s how it works, why it’s dangerous and how to protect from it.
10 high severity vulnerabilities in Google Chrome
The recent Google Chrome update patches 10 high severity vulnerabilities and a dozen of less critical bugs. Time to update your browser!
What are the possible consequences of Okta hack?
Hackers from Lapsus$ group claim they breached Okta, a major provider of access management systems.