Patch/Configuration Management, Vulnerability Management

New PDF exploit potential

March 6, 2009

As businesses await the Adobe Acrobat and Reader zero-day vulnerability patch (coming March 11), researcher Didier Stevens this week detailed a way to exploit the bug without users clicking on any malicious PDF document. Essentially, when a PDF is listed in Windows Explorer, a shell extension will read the document to provide more information, such as file size or type, thus executing code without any user interaction, Stevens said. — DK

Dan Kaplan

Vulnerability Management

Significant compromise possible with critical Versa Concerto flaws

SC StaffMay 23, 2025

Versa Networks' centralized management and orchestration platform Versa Concerto has been impacted by a trio of serious vulnerabilities, which could be leveraged for authentication evasion and arbitrary code execution, according to BleepingComputer.

Plain code with the word "cyberattack" in red.

Vulnerability Management

Ivanti EPMM flaws leveraged in global Chinese cyberespionage attacks

SC StaffMay 23, 2025

Chinese state-backed threat operation UNC5221 has launched attacks exploiting the recently addressed Ivanti Endpoint Manager Mobile flaws, tracked as CVE-2025-4427 and CVE-2025-4428, against telecommunications, healthcare, government, defense, finance, and aviation organizations in North America, Europe, and the Asia-Pacific since May 15, The Hacker News reports.

Critical Infrastructure Security

Trimble Cityworks zero-day attacks on US local governments detailed

Laura FrenchMay 22, 2025

Analysis revealed the deployment of various backdoors by suspected Chinese-speaking threat actors.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

Bug Buffer Overflow Disassembly