CSOonline

Azure API Management flaws highlight server-side request forgery risks in API development

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal ...
Bleeping Computer

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. The ...
ZDNet

New Exchange Server zero-day vulnerabilities are being used in cyberattacks: Protect your ...

One (CVE-2022-41040) is a is a Server-Side Request Forgery (SSRF) vulnerability, an exploit that allows attackers to make server-side application requests from an unintended location – for example, ...
Hackaday

This Week In Security: PostHog, Project Zero Refresh, And Thanks For All The Fish

There’s something immensely satisfying about taking a series of low impact CVEs, and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of ...
Dark Reading

Critical RCE Lexmark Printer Bug Has Public Exploit

A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week. And, there's proof of concept (PoC) ...
Redmond Magazine

Microsoft Confirms Two Zero Day Exploits of Exchange Server

Exchange Server products are potential subject two newly disclosed "zero-day" vulnerabilities that are under exploit, Microsoft acknowledged, in a Thursday announcement. The two vulnerabilities are ...