Research Alerts
- CVE-2024-4040: Researchers say over 1,400 CrushFTP publicly accessible servers are vulnerable. Proof-of-concept is available. Update to a fixed version as soon as possible.
- CVE-2024-3400: Research shows over 22,500 Palo Alto GlobalProtect instances are possibly vulnerable to this flaw as a public proof-of-concept is available. Immediate patching is recommended.
- CVE-2024-20359: Two zero-days exploited in the wild in ArcaneDoor campaign to deploy backdoor malware. Monitoring for new developments including publication of PoCs.
- CVE-2024-20353: Two zero-days exploited in the wild in ArcaneDoor campaign to deploy backdoor malware. Monitoring for new developments including publication of PoCs.
- CVE-2024-31497: This critical vulnerability can be used to compromise a private key, although exploitation requires compromise of a server the key has been used to authenticate to.