The vulnerability tracked as CVE-2021-41773 is a path traversal and file disclosure vulnerability in Apache HTTP Server. The vulnerability has been exploited in the wild as a zero-day.
Jira released an advisory about the newly identified path traversal and file read vulnerability, CVE-2021-26086, in the Jira Software Server. Threat actors could exploit this vulnerability to poison the server logs, thereby causing remote code execution and/or exfiltration of sensitive files and information.
A security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook instance, referred to as ChaosDB, that allows a user to gain access to another user’s data.
CloudSEK’s Threat Intelligence team discovered a post, on a cybercrime forum, advertising a scanning tool for the path traversal and file disclosure vulnerability, CVE-2021-41773, in Apache HTTP Server.
On 22 October, attackers hijacked the NPM account of the developer of UAParser.js, a library used to detect users’ browser types and operating systems.
A post on a cybercrime forum is advertising ready-made phishing projects targeting LastPass and Evernote users for USD 2,500 on a monthly rental subscription.
An RCE vulnerability targeting MS Exchange servers enables attackers to compromise Internet-facing instances. The zero-day vulnerability is being actively exploited by threat actors to target Windows users.