While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We...
All the exploits were propagated via watering hole attacks that redirected targets to an infrastructure that installed diverse malware depending on the browsers and devices. click here to read full Article Read More on...
What happened? On March 2, 2021 several companies released reports about in-the-wild exploitation of zero-day vulnerabilities inside Microsoft Exchange Server. The following vulnerabilities allow an attacker to compromise a vulnerable Microsoft Exchange Server. As...
In recent months, there has been a barrage of zero-working day vulnerabilities impacting popular computer software and gadgets, like a number of WordPress plugins, VMware solutions, Google Chrome, and some others. Graphic and Write-up...
In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privilege exploit...
