Apache has released an advisory for a critical vulnerability discovered in Struts versions 2.0.0-2.3.37(EOL), 6.0.0-6.3.0.1 and 2.0.0-2.5.32. This vulnerability is being tracked as CVE-2023-50164 with a CVSS score of 9.8 (Critical) and is reportedly being actively exploited. Impacted versions are affected by a file upload and directory traversal vulnerability that can lead to remote code execution.

Kroll forensic examiners and threat intelligence analysts identified a new phishing tactic targeting individuals using QR codes. Victims receive phishing emails impersonating Microsoft, letting them know that additional security measures are required and asking victims to scan the QR code in the body of the email or the email attachment.