Oracle released a critical patch (cumulative) update that addresses multiple vulnerabilities. Malicious actors are actively exploiting these vulnerabilities.
The GitLab team released security updates that address a critical security vulnerability that could be exploited by a malicious actor to seize control of accounts.
Malicious actors are actively exploiting a critical vulnerability in Apache Log4j Version 2.15.0 . This exploit may lead to remote code execution on targeted servers running the vulnerable Log4j version.
VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker can exploit this vulnerability to obtain access to sensitive information.
The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all users to review the security advisory.
Cisco published an update that the public exploit code exists for CVE-2020-350 and further notes that the vulnerability is being actively exploited. This affects Cisco products running vulnerable releases of Cisco ASA Software or FTD Software with a vulnerable AnyConnect or WebVPN configuration.