Security researchers are currently seeing CVE-2022-22718 being exploited in the wild. This CVE was patched by Microsoft as apart of Patch Tuesday updates on February 8, 2022. However, some organizations delay patches or do not keep up with patch management. CISA is warning organizations that attackers are abusing this vulnerability.
Link: https://thehackernews.com/2022/04/hackers-exploiting-recently-reported.html
Ivanti Warns of New EPMM Flaw Exploited in Zero-Day Attacks Article Link: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks/ RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded Article
Fear Is the Dependency Killer. The “Mini Shai-Hulud” attack highlights how modern software supply chain threats are evolving beyond stolen developer credentials into direct compromise
