Top 12 Most Routinely Exploited vulnerabilities in 2022
Cybersecurity security agencies from the United States, United Kingdom, Australia, Canada and New Zealand have published the top 12 routinely exploited vulnerabilities in 2022.
Apache
CISA Adds TP-Link, Apache Log4j2 and Oracle WebLogic Vulnerabilities To Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added TP-Link, Apache Log4j2 and Oracle WebLogic vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Top CVEs targeted by PRC state-sponsored cyber actors
The FBI, NSA and CISA coauthored a joint Cybersecurity Advisory detailing how People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit common, publicly known vulnerabilities used since 2020 to “actively target U.S. and allied networks.”
Apache patches High risk Tomcat vulnerability (CVE-2022-25762)
The Apache Software Foundation has patched a High risk Apache Tomcat ‘Request Mix-up’ vulnerability CVE-2022-25762.
Millions of Java apps still vulnerable to Log4Shell
Researchers have found millions of Java applications still vulnerable in the wild to the infamous Log4Shell vulnerability CVE-2021-44228, more than four months after the severe flaw was discovered.
Apache patches Struts 2 RCE vulnerability (CVE-2021-31805)
The Apache Software Foundation has patched a Struts 2 vulnerability CVE-2021-31805 that may lead to remote code execution.
Threat hunters discover Aquatic Panda Log4Shell exploit attempts
Threat hunters from CrowdStrike have discovered Aquatic Panda cyber gang using Log4Shell exploit tools in recent intrusion attempts against a customer.
Apache releases security update for another Log4j RCE vulnerability (CVE-2021-44832)
The Apache Software Foundation has released a new security update to address another Log4j vulnerability (CVE-2021-44832) where Log4j2 is vulnerable to remote code execution (RCE) via JDBC Appender when an attacker controls a configuration file.
Apache patches 2 vulnerabilities in HTTP Server 2.4.51
The Apache HTTP Server Project has patched two vulnerabilities in Apache HTTP Server 2.4.51, one of those rated High severity.
Apache releases new Log4k security update to fix another RCE vulnerability (CVE-2021-45046)
As affected organizations and vendors continue to identify products affected by Log4Shell remote code execution (RCE) Log4j vulnerability, Apache has released additional Log4j security updates to fix another RCE vulnerability (CVE-2021-45046).