Spring Core on JDK9+ is vulnerable to remote code executio
Spring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concept available. As we have remediation advice for customers (see below), we have elected to share this information publicly.
Microsoft Exchange targeted for IcedID reply-chain hijacking attacks
The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot.
Critical Sophos Security Bug Allows RCE on Firewalls
Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.
Other news worth mentioning:
Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices
Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
New Version of PCI DSS Designed to Tackle Emerging Payment Threats