CISA has added CVE-2024-11182, a critical vulnerability affecting MDaemon Email Server, to its Known Exploited Vulnerabilities Catalog. This XSS flaw allows attackers to execute malicious JavaScript via crafted HTML emails, putting user sessions at risk. MDaemon has issued a patch for affected versions. Organizations must apply updates promptly or consider disabling the vulnerable service.

Hazy Hawk Exploits Organizations’ DNS Gaps to Abuse Cloud Resources & Deliver Malware
Security researchers have identified a threat actor called “Hazy Hawk” that is hijacking abandoned cloud resources from prominent organisations to distribute scams and malware. The