Exploitation of a zero-day vulnerability in FatPipe MPVPN device software dates back to at least May 2021. The flaw allows APT actors to access an unrestricted file upload function and drop a web shell for exploitation activity with root access, leading to elevated privileges.
Google has pushed an urgent security update to address multiple vulnerabilities in Chrome. A remote attacker could entice a user on a vulnerable browser to open a web page with specially crafted content, resulting in remote code execution or a security restriction bypass.
In a recent security bulletin, Zoom, the video messaging technology leader, released patches for high-severity flaws that expose enterprise users to remote code execution and command injection attacks.
Microsoft’s November 2021 Patch Tuesday release addresses 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-days in Excel and Exchange Server.
Researchers have released a working exploit for an unauthenticated remote code execution vulnerability (RCE-2021-3064, CVSS rating 9.8/10) in a Palo Alto Networks security appliance, leaving an estimated 10,000 susceptible targets.