THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. After almost 10 days of releasing an advisory by the Hive Pro Threat Research team, a new vulnerability has been found in Windows Print Spooler. This is a privilege escalation flaw that allows attackers …

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A zero-day vulnerability (CVE-2021-35211) that impacts the Serv-U Managed File Transfer and Serv-U Secure FTP, is been exploited by multiple threat actors. The PoC of this exploited vulnerability was given to SolarWinds by Microsoft. …

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Around 400,000 sites were affected by several critical vulnerabilities(CVE-2021-34621, CVE-2021-34622, CVE-2021-34623, CVE-2021-34624) discovered in ProfilePress, a WordPress plugin. The vulnerabilities are easily exploitable which makes it possible for an adversary to gain admin access …

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Attackers have been targeting Windows Print Spooler services for almost 2 months now. It started with the vulnerability(CVE-2021-1675) being exploited in the wild. Soon a patch was released for the same. It was after …

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The REvil ransomware group was successful in carrying out a supply chain attack by exploiting the zero-day vulnerability (CVE-2021-30116) in the Kaseya VSA server and delivering a malicious script to all the computer devices …

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. VMware has patched an authentication bypass vulnerability(CVE-2021-21998) in the carbon black app control management server. Apart from this vulnerability VMware also patched a privilege escalation vulnerability(CVE-2021-21999) which was affected the  VMware Tools for Windows, VMware Remote …

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A supply chain attack was carried out on the airline industry, which started with SITA being compromised, allegedly done by Chinese espionage group APT-41. SITA is responsible for providing  software solutions to 90% of …

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A chain of zero-day vulnerabilities is being used by a new threat actor, PuzzleMaker. PuzzleMaker uses a chrome V8 type confusion vulnerability (CVE-2021-21224), which allows the attacker to execute an arbitrary code via a …

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Multiple easily exploitable vulnerabilities have been found in IBM jazz foundation and IBM engineering products. An official fix to all the vulnerabilities have been made available by IBM Vulnerability Details References https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-4/ …

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Hackers are actively exploiting a zero-day vulnerability on the famous Fancy Product Designer, a WordPress plugin, since May 16, 2021. This plugin has been installed on over 17,000 sites. Hive Pro Threat Research Team …