Vulnerability Research

The post Patch Tuesday Update - April 2024 appeared first on Digital Defense ...

The post Patch Tuesday Update - March 2024 appeared first on Digital Defense ...

Overview In this article we discuss a recent cross-site websocket hijacking (CSWSH) vulnerability that we identified in MeshCentral, a web-based remote monitoring and endpoint management solution. MITRE assigned the CVE identifier CVE-2024-26135 ...

The post Patch Tuesday Update - February 2024 appeared first on Digital Defense ...

Intro The Kubernetes documentation describes operators as “software extensions to Kubernetes that use custom resources to manage applications and their components.” These operators automate application resource deployment and management with custom controllers tied to ...

Overview In this article we discuss a recent deserialization vulnerability we found in Relution (CVE-2023-48178), a mobile device management product that is popular among multinational German corporations. CVE-2023-48178 can potentially lead to ...

The post Patch Tuesday Update - January 2024 appeared first on Digital Defense ...

Introduction Recently researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a ...

The post Patch Tuesday Update - December 2023 appeared first on Digital Defense ...

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...