Weekly Digest Week 50 – 2023

Publication date

21.12.2023

Featured Story

Bluetooth Critical Vulnerability Affects macOS, iOS, Android, and Linux

A critical Bluetooth vulnerability, CVE-2023-45866, affects major operating systems, including macOS, iOS, Android, and Linux. Attackers can perform keystroke injection and bypass authentication. On Apple systems, even Lockdown Mode does not prevent exploitation when using Magic Keyboards over Bluetooth. Android (versions 11–14) and Linux (BlueZ stack) are also vulnerable.

Analysis from our SOC team:
Android: Turn off Bluetooth when not in use until patches are available.
Linux: Ensure your Bluetooth stack isn’t discoverable/connectable unless necessary.
Apple: Update affected devices and avoid pairing Magic Keyboards over Bluetooth if unpatched.

Other Stories

Microsoft’s Final 2023 Patch Tuesday Fixes 33 Flaws, 4 Critical

Microsoft closed the year with a relatively light Patch Tuesday, fixing 33 vulnerabilities, including four critical ones. Several of these flaws are being actively exploited in the wild, emphasizing the need for immediate patching.

Analysis from our SOC team:
Critical vulnerabilities remain common across Windows endpoints. Ensure timely deployment of OS updates across all assets to avoid exposure.

Critical WordPress Plug-in RCE Bug Exposes Sites to Takeover

The Backup Migration WordPress plugin (CVE-2023-6553) has a critical RCE vulnerability affecting over 90,000 installations. Attackers can inject arbitrary PHP and fully compromise the site.

Analysis from our SOC team:
Regularly update plugins and themes to avoid website compromise. Attackers actively scan for outdated WordPress components.

APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

Russian state-backed APT29 (SVR) is actively exploiting CVE-2023-42793 to compromise TeamCity CI/CD environments. The vulnerability enables full RCE and puts code, secrets, and deployment systems at risk.

Analysis from our SOC team:
This 4-month-old vulnerability is now actively exploited by state-backed actors. If unpatched, prioritize immediate remediation and conduct a retrospective threat hunt.
