The BlackLotus source code that was published on GitHub on Wednesday has been stripped of the ‘Baton Drop’ exploit targeting CVE-2022-21894, and uses the bootlicker UEFI firmware rootkit, but contains the rest of the original code.

The inclusion of the four vulnerabilities — CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874 — into CISA’s catalog means the bugs are already being exploited by hackers.

The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance.

With a recent $50 million Series C funding round led by Paladin Capital Group, Secure Code Warrior plans to improve its platform and expand its workforce to meet the growing demand for cybersecurity skills training.

Multiple hardcoded credentials found on the Technicolor TG670 DSL gateway router allow attackers to completely take over devices, the CERT Coordination Center (CERT/CC) warns.

The NRC said it immediately suspended the database to protect the data and prevent further attacks. They also launched an external forensic investigation to determine the scope and impact of the cyberattack.

Comparitech analyzed 225 confirmed cyberattacks on the sector over the past five years and found that the average organization loses two weeks in downtime due to an incident.

A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident Response and Security Teams (FIRST) on July 13, 2023.

The flaw is tracked as CVE-2023-36664, having a CVSS v3 rating of 9.8, and impacts all versions of Ghostscript before 10.01.2, which is the latest available version released three weeks ago.

The company published 17 advisories detailing roughly a dozen Junos OS-specific security defects, and nearly three times as many issues in third-party components used in its products.