It is being reported that Black Basta (aptly named) exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March.

The vulnerability, CVE-2024-26169, was on Microsoft’s March update’s Patch Tuesday List. Unpatched, it allows the threat actor to escalate privileges. Symantec’s threat hunter team has discovered that Black Basta

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a Binding Operational Directive requiring all federal agencies to apply patches to new and old vulnerabilities that are being exploited in the wild.

The Directive, entitled Reducing the Significant Risk of Known Exploited Vulnerabilities, “establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant

The National Security Agency (NSA) issued a Cybersecurity Advisory on October 20, 2020, entitled “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities,” alerting IT professionals to 25 vulnerabilities that Chinese state-sponsored hackers are using against U.S. businesses that “can be exploited to gain initial access to victim networks using products that are directly accessible from the