Network SecurityUpdate delays to NIST vulnerability database alarms researchersCrucial enrichment data is not being added to NVD entries as NIST works through a “transition” process.
Application securityAkamai offers POC and Open Policy Agent to block Kubernetes bugVulnerability allows remote code execution with System privileges on all Windows endpoints within a Kubernetes cluster.
Vulnerability ManagementFortra FileCatalyst RCE bug disclosed; full PoC exploit availableFirst patched in August, the critical vulnerability enables unauthenticated web shell deployment.
IdentityRedLine malware top credential stealer of last 6 monthsRedLine was used to steal over 170 million passwords in the last six months, or nearly half of all stolen passwords.
API securityMarch Patch Tuesday: Microsoft fixes two critical Hyper-V flawsThe software giant urged users to prioritize patching the RCE and DoS vulnerabilities but said neither had been actively exploited.
Application securityFake Google Docs on Google Sites launch AZORult infostealer campaignAzorult infostealer aims to steal user credentials and credit card information via HTML smuggling.
Network SecurityBianLian ransomware crew exploiting bugs in JetBrains’ TeamCity platformKnown for its adaptability, the threat group is once again taking advantage of recent vulnerabilities organizations may not have patched yet.
Network SecurityQNAP fixes three bugs on NAS devices, one critical authentication flawThe critical flaw is an authentication bug could let users compromise the security of the system.
Network SecurityJetBrains TeamCity critical flaw exploited; 1.4k servers compromisedAttackers are creating hundreds of admin accounts, with a high potential for supply chain attacks.