PT-2026-5123

Microsoft has issued an emergency patch for a zero-day vulnerability CVE-2021-21509 in Office, allowing attackers to bypass OLE mitigations and execute malware. CISA has included the flaw in their KEV catalog. Microsoft Office SecurityPatch ZeroDayVulnerability https://t.co/WMeToNOuIK...

Critical SharePoint Vulnerabilities Under Active Exploitation

Critical SharePoint Vulnerabilities Under Active Exploitation By Jeffrey Sman, Mo Cashman and Marc Bolz Robinson · July 23, 2025 On-premises Microsoft SharePoint servers are currently facing high-impact, ongoing threat activity due to a set of critical vulnerabilities, notably CVE-2025-49704,...

webkitgtk: type confusion may lead to arbitrary code execution

A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog...

About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting - Zimbra Collaboration CVE-2024-27443 vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user...

webkitgtk: type confusion may lead to arbitrary code execution

A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog...

webkitgtk: Arbitrary Remote Code Execution

A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog...

Ubuntu: Security Advisory (USN-7067-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:3343-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability CVE-2020-13965 Roundcube Webmail...

CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-27198 JetBrains TeamCity Authentication Bypass Vulnerability CISA urges organizations to review the following JetBrains blog post and apply the necessary updates...

Update now! Apple releases patch for zero-day vulnerability

Apple has released new security updates for several products, including a patch for a zero-day vulnerability that could impact iPhones, iPad, Macs, and Apple TVs. Apple says it’s aware of a report that the bug may have been exploited already. Further details about the nature of the vulnerability...

webkitgtk: Arbitrary Remote Code Execution

A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog...

A week in security (October 9 - October 15)

Last week on Malwarebytes Labs: Explained: Quishing Update now! Atlassian Confluence vulnerability is being actively exploited Giant health insurer struck by ransomware didn't have antivirus protection Ransomware review: October 2023 Stalkerware activity drops as glaring spying problem is reveale...

Google Chrome Security Update (stable-channel-update-for-desktop_14-2023-04) - Windows

Google Chrome is prone to type confusion vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Apple Mac OS X Security Update (HT213670)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB5009557)

This host is missing a critical security update according to Microsoft KB5009557 SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2021-2311)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:1274-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3244-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2020-2510)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...