Patch Tuesday May 2023: Microsoft Addresses 49 Vulnerabilities

On May 9th, 2023, Microsoft released their May Patch Tuesday and revealed 38 vulnerability fixes, 11 vulnerability fixes published on May 5th (9 of them in Microsoft Edge (Chromium-based, non-Microsoft CVEs)) and 14 updates to old CVEs. The vulnerabilities affect popular platforms such as Microsoft Edge, ...

Apache Superset RCE Vulnerability CVE-2023-27524 Highlights Ongoing Issues with Flask AppBuilder, Joining List of Previously Discovered CVEs

On Apr 24, 2023, Naveen Sunkavally, Chief Architect at Horizon3.ai, announced the discovery of a new vulnerability, CVE-2023-27524, in Apache Superset and wrote comprehensively about the whole process. The vulnerability was caused by an insecure default configuration in the application. This is not the first time this type of vulnerability ...

April 2023 Patch Tuesday: 114 Vulnerability Fixes Released, Including One Actively Exploited in the Wild

On April 11th, 2023, Microsoft released their April Patch Tuesday roundup, which includes 114 new vulnerability fixes and 4 updates for existing CVEs. Of these fixes, 17 were published on April 6th and 97 were published on April 11th. One of the vulnerabilities has already been exploited in the wild. ...

ChatGPT Vulnerability: Redis Vulnerability Exposes User Payment Data

OpenAI’s ChatGPT was forced to halt service for a few hours earlier this week in order to fix an issue in an open-source library. The vulnerability may have exposed some users’ payment data. The company published a blog post on March 24, 2023, explaining what led to the data breach ...

Analysis: Microsoft Patch Tuesday Update for March, 2023

Microsoft March “Patch Tuesday” Addresses 86 Security Vulnerabilities Including 2 Known Exploited Vulnerabilities. On March 14th, 2023, Microsoft released their March Patch Tuesday security update, and revealed 80 vulnerability fixes, including six updates to old CVEs and two Known Exploited Vulnerabilities (KEVs). The vulnerabilities affect popular platforms such as Azure, ...

Microsoft February Patch Tuesday Addresses 78 Vulnerabilities, Including 3 Known Exploits

On February 14th, 2023, Microsoft released their February Patch Tuesday and revealed 78 vulnerability fixes, including three known exploited vulnerabilities in the wild. The vulnerabilities affect popular platforms such as Visual Studio, 3D Builder, SQL Servers, .NET Framework, Microsoft SharePoint, Microsoft Office, Exchange servers, and more. According to NVD, 6 ...

Microsoft January Patch Tuesday 2023: 98 Security Vulnerabilities and a Zero Day

On January 10th, 2023, Microsoft released their January Patch Tuesday fixes and revealed 98 vulnerability fixes, including one Zero Day vulnerability known to be exploited in the wild. The vulnerabilities affect popular platforms such as Visual Studio, Exchange Servers, SharePoint, Microsoft Office, SMB, Task Scheduler and more. According to NVD, ...

CVE-2022-23529: Should You Be Concerned About the JsonWebToken Vulnerability?

On January 9, 2023, Palo Alto revealed that their researchers had discovered a vulnerability in the popular JsonWebToken open source project. Although the JsonWebToken vulnerability received a CVSS score of 9.8, upon closer examination it appears that the chances for the preconditions required to exploit the vulnerability in real world ...

Rezilion Research: 2022 Vulnerabilities Recap

Rezilion’s research team offers a 2022 vulnerabilities recap and takes a look at the headline-making vulnerabilities discovered in the last year. Read the recap in this report and find out about the status of the following vulnerabilities, as well as the date on which each was published, exploitation details, as ...

Log4Shell, Spring4Shell, and Now Text4Shell?

CVE-2022-42889, dubbed Text4Shell or ACT4Shell, created a lot of noise on social media when it was published (on October 13th), mainly because of the comparison to Log4Shell. For those who are not familiar with Log4Shell and Spring4Shell, you are welcome to visit our previous blog posts ...