Cisco Talos Blog

February 13, 2024 13:59

First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities

Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen.

January 17, 2024 12:00

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024

There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.

December 12, 2023 14:45

Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed

The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year.

December 6, 2023 13:33

Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader

Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin.

November 22, 2023 12:00

Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution

Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution.

October 25, 2023 12:00

9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.

October 11, 2023 12:00

10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows

Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.

September 27, 2023 12:00

10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome

Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.

September 6, 2023 12:46

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.