CVE-2024-21683 | CVSS: 9.8 (Critical)
Atlassian released a patch for a Remote Code Execution (RCE) vulnerability in Confluence Data Center.
Date: June 12, 2024
Focus: Active Exploits, Zero-Day Vulnerabilities, and Critical Intelligence
As we pass the midpoint of June 2024, the cybersecurity landscape is witnessing a sharp uptick in activity. This week’s bulletin highlights critical zero-day vulnerabilities currently being exploited in the wild and updates the "Hitlist"—a roster of the most targeted vulnerabilities currently facing enterprise environments.
Security teams are advised to prioritize patching and mitigation for the following issues immediately.
Three notable 0-days have either been disclosed or are seeing limited exploitation:
CVE-2024-21683 | CVSS: 9
Zyxel NAS326/VPN Series – Pre-auth Command Injection
Google Chrome (V8 Engine Type Confusion)
CVE: CVE-2024-21893
Status: Persistent Threat
While patches were rolled out earlier this year, thousands of instances remain unpatched. Threat actors are utilizing "mass exploitation" scripts to compromise VPN gateways, often leading to persistent backdoors that survive factory resets.