Spring4Shell Vulnerability​

Executive Summary:​ ​A new zero-day vulnerability in the Spring Core Java framework dubbed ‘Spring4Shell’ has been publicly disclosed, allowing unauthenticated remote-code execution on applications.​ ​Spring by VMware is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as […]

FORCEDENTRY ZERO-DAY VULNERABILITY

Priority: Critical Executive Summary: Citizen Lab has discovered a zero-day zero click exploit against Apple’s iMessage. The exploit tracked as ForcedEntry, CVE-2021-30860 was identified by Citizen Lab and immediately reported to Apple who released a fix to patch all OS, iOS and watchOS devices. Citizen Lab claims that a Saudi activist was infected with the […]

MICROSOFT MSHTML ZERO-DAY VULNERABILITY

Priority: Critical Executive Summary: Microsoft has reported a zero-day vulnerability in MSHTML affecting Microsoft Windows, targeting users to download a malicious Microsoft Office document. A proof-of-concept has been released to the public with Microsoft advising administrators to enforce a workaround until an official Microsoft patch is released. This is being tracked as CVE-2021-40444. The vulnerability […]