The critical CVE-2023-46604 flaw in Apache ActiveMQ allows remote code execution, exploited to deploy malware like the Kinsing crypto miner.
Two Ivanti VPN zero-days enable remote code execution; Volexity links the attacks to UTA0178 and urges urgent patching and forensic investigation.
Log4Shell (CVE-2021-44228) is a critical flaw in Log4j 2 allowing remote code execution, affecting millions of systems worldwide.
CVE-2023-22518 allows remote attackers to reset Confluence servers and deploy ransomware; patching and backups are critical for defense.
Zerologon (CVE-2020-1472) is a critical flaw allowing attackers to gain domain admin access via Netlogon by exploiting weak AES encryption.
