Three more security flaws, including a Bitbucket Server RCE and two Microsoft Exchange zero-days, have been added to the list of vulnerabilities exploited in assaults by the Cybersecurity and Infrastructure Security Agency (CISA).
According to Microsoft, two Microsoft Exchange zero-days have been used in limited, targeted attacks and are now listed in CISA’s Known Exploited Vulnerabilities (KEV) library. Microsoft hasn’t yet made any security fixes available to address these two actively exploited flaws. Read More…