by In this week’s information security news, news of zero-day exploits targeting Microsoft Exchange servers and Zimbra were reported, highlighting that corporate email systems continue to be targeted by hacker groups. In addition, Fortinet’s CVE-2022-40684 vulnerability patch notice has also become the focus. The company only announced it on the official information security notice website three days apart, and explained that there have been related attacks. In terms of threat trends, a cracked version of the penetration testing tool Brute Ratel C4 appeared and spread in the cybercriminal circle, most notably, the C2 framework of the Simplified Chinese management interface Alchimist and the Insekt malware were revealed, as well as a phishing named Caffeine News of the rise of attack suite rental services (PhaaS).
