Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.
Critical vulnerabilities were patched in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition.
The June Patch Tuesday update included CVEs for 11 critical remote code-execution vulnerabilities and concerning SMB bugs.
The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability.
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products.
RCE and myriad other types of attacks could take aim at the 19 percent of vulnerable companies that haven’t yet patched CVE-2019-19781.
Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap.