The Sophos flaw that the agency says has been exploited in attacks is CVE-2023-1671, a critical Sophos Web Appliance vulnerability that can be exploited by an unauthenticated attacker for arbitrary code execution.
There do not appear to be any public reports describing attacks exploiting CVE-2023-1671 and Sophos could not provide clarifications to SecurityWeek by the time this article was published.
CVE-2020-2551 was one of the four vulnerabilities targeted for initial compromise by a Chinese threat actor, according to a blog post published in early June by threat intelligence company EclecticIQ.
[
add
]
[
|
|
...
]