Aggregator
Oligo enables real-time exploit detection and blocking at application runtime
Oligo Security has unveiled Runtime Exploit Blocking, a new capability that stops exploit attempts at the application layer in real time. By providing visibility into how applications execute and behave, Oligo identifies and blocks malicious activity at the point of execution, without killing containers or processes, or impacting the application. Attackers rely on repeatable exploit techniques to infiltrate organizations, with Mandiant reporting that exploitation has remained the leading initial access vector for six consecutive years. …
The post Oligo enables real-time exploit detection and blocking at application runtime appeared first on Help Net Security.
From Community to Cloud: How CIS Hardened Images Turn Best Practices into Secure Deployment
Managed OAuth for Access: make internal apps agent-ready in one click
Scaling MCP adoption: Our reference architecture for simpler, safer and cheaper enterprise deployments of MCP
Securing non-human identities: automated revocation, OAuth, and scoped permissions
Secure private networking for everyone: users, nodes, agents, Workers — introducing Cloudflare Mesh
CISOs Urged to Innovate with Talent Retention as Job Satisfaction Declines
"Hello, is this the hacker? No, this is your TV." OpenAI has taught algorithms to hack electronics
DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend
Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert tied to a regex vulnerability, adjusts OAuth redirect handling to match a recent Microsoft change, and ships fixes across IMAP, SMTP, CalDAV, and CardDAV subsystems.
A regex replacement closes a security alert
The security change replaces a regular expression in the replaceIcal4Principal method with simple substring calls, resolving a …
The post DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend appeared first on Help Net Security.
New: Use response actions to update Zscaler policies and block threats
Basic-Fit hack compromises data of up to 1 million members
Basic-Fit, a European gym chain, disclosed that hackers breached one of its internal systems, exposing members’ personal data in several countries. The company operates more than 2,150 clubs in 12 countries under two brands, with more than 5.8 million members. “The unauthorised access was detected by our system monitoring processes and was stopped within minutes of discovery. The members whose data is involved have been informed,” the company said in a statement. An investigation by …
The post Basic-Fit hack compromises data of up to 1 million members appeared first on Help Net Security.
The Price of Free Proxies: When Attackers Become the Prey
The quantum limit that was considered unbreakable: physicists broke it with a layer of metal three atoms thick
DragonForce
Operation Trashpanda: Disrupting RaccoonO365
Too smart for Apple. A student came up with a complex password and ended up unable to get into his own iPhone
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2009-0238 Microsoft Office Remote Code Execution Vulnerability
- CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.