UNC3886, a China-linked cyber espionage actor, has been identified exploiting zero-day vulnerabilities in Fortinet, Ivanti, and VMware devices to maintain access to compromised environments.
Neglecting proper GTM security practices can lead to major security breaches and data leaks, emphasizing the importance of regular audits, script updates, secure permissions, user training, and monitoring.
Recent study by Salt Security highlights significant security issues with production APIs, leading to breaches and a lack of advanced API security programs.
A threat actor is deploying various payloads, including Golang binaries and shell scripts, to exploit publicly exposed Docker API endpoints for remote access and cryptocurrency mining.
Threat actors are increasingly targeting edge devices such as load balancers, with NGINX and Citrix products showing high exploitation rates.
VMware and Broadcom have addressed critical security vulnerabilities in VMware products, including heap-overflow issues in the DCE/RPC protocol and a local privilege escalation bug, affecting vCenter Server and Cloud Foundation.
