Enterprise document management system (DMS) vendors, ONLYOFFICE, OpenKM, LogicalDOC, and Mayan, are yet to resolve several severe DMS vulnerabilities, according to cybersecurity firm Rapid7. It warned that stored cross-site scripting (XSS) flaws in the systems pose high risks. No patches or updates have been released, and vendors have not responded to Rapid7’s disclosures.
North Korean hackers step up phishing attacks on Ukraine government
North Korean state-sponsored cyber actor, TA406, is carrying out phishing attacks and credential-stealing operations against Ukrainian government entities to gather intelligence on the Russian invasion,
