Threat Post

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. A critical security vulnerability in the Zoho ...
Bleeping Computer

Critical ManageEngine RCE bug now exploited to open reverse shells

A critical remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks. The first exploitation attempts were observed by cybersecurity ...
Computer Weekly

Researchers delve inside new SolarWinds RCE attack chain

Researchers at Huntress and Microsoft have shared findings from their analysis of a new SolarWinds Web Help Desk vulnerability.
Bleeping Computer

Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products. Tracked ...
CSOonline

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available. Hackers are exploiting a critical authentication bypass ...