According to security researchers, hackers are mass-exploiting CitrixBleed, a critical-rated vulnerability in Citrix NetScaler systems, to launch cyberattacks against top organizations globally. These cyberattacks have targeted the aerospace giant Boeing, the world's largest bank ICBC, one of the world's largest port operators DP World, and the international law firm Allen & Overy. Thousands of other organizations are still unpatched against the vulnerability, tracked as CVE-2023-4966.

Quantum computers are expected to break RSA and ECC encryption within the next 7 to 10 years. RSA and ECC are public key encryption algorithms that serve as the foundation for nearly all cybersecurity systems, applications, and protocols. They secure credit card transactions, online banking, medical devices, connected cars, and other systems. Therefore, companies must prepare to ensure they are protected once an adequately advanced quantum computer has been developed.

VMware has disclosed an authentication bypass vulnerability in its Cloud Director Appliance, tracked as CVE-2023-34060 with a CVSS score of 9.8, that can be exploited by an attacker with network access to the appliance to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (Appliance Management Console). This bypass is not present on port 443 (VCD provider and tenant login). It is also not present on a new installation of Cloud Director Appliance 10.5.

Postmeds, a company doing business as Truepill, is sending data breach notifications, informing recipients that threat actors have compromised their sensitive personal information. Truepill is a Business-to-Business (B2B) pharmacy platform that uses Application Programming Interfaces (APIs) to fulfill orders and service delivery for Direct-to-Consumer (D2C) brands, digital health companies, and other healthcare organizations across the US.

It has recently been discovered that the WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database.  WP Fastest Cache is a caching plugin used to speed up page loads, improve visitor experience, and boost the site’s ranking on Google search.  According to WordPress.org stats, it is used by more than a million sites.

Intel has addressed a high severity flaw called Reptar that affects its desktop, mobile, and server CPUs. The vulnerability, tracked as CVE-2023-23583 with a CVSS score of 8.8, can enable privilege escalation, information disclosure, and/or Denial-of-Service (DoS) via local access. According to Google Cloud, the successful exploitation of the vulnerability could also allow a bypass of the CPU's security boundaries. It is caused by how redundant prefixes are interpreted by the processor.

The US government recently announced the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service.  According to the Department of Justice (DoJ), the FBI dismantled the infrastructure associated with the IPStorm malware and the proxy network powered by the IPStorm botnet.  The malware was delivered to thousands of Windows, Linux, Mac, and Android devices worldwide, enabling cybercriminals to use the compromised devices for a proxy service.