Application Security
API Flaw in QuickBlox Framework Exposed PII of Millions of Users
QuickBlox SDK and API vulnerabilities impact chat and video applications used by industries including telemedicine, smart IoT, and finance.
Kevin Townsend, July 13, 2023

Application Security
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion
Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10.
Ryan Naraine, July 11, 2023

Application Security
Exploit Code Published for Remote Root Flaw in VMware Logging Software
VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.
Ryan Naraine, July 10, 2023

Application Security
OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain
SwSec 5D framework aims to provide a roadmap for secure software development, and its use would help improve security in the software supply chain.
Kevin Townsend, July 7, 2023

Application Security
Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert
Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada.
Ryan Naraine, July 6, 2023

Application Security
MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses
Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list.
Ionut Arghire, June 30, 2023

Application Security
Nokod Snags $8M to Secure Low Code/No-Code Custom Apps
Tel Aviv startup scores investment to build technology to secure in-house low-code/no-code custom applications.
Ryan Naraine, June 29, 2023

Application Security
CISA, NSA Share Guidance on Securing CI/CD Environments
New guidance from CISA and the NSA provides recommendations on securing CI/CD pipelines against malicious attacks.
Ionut Arghire, June 29, 2023

Application Security
Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites
Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations.
Ionut Arghire, June 21, 2023

Application Security
Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits
Fake security researcher accounts seen distributing malware disguised as Chrome, Signal, WhatsApp, Discord and Exchange zero-day exploits.
Eduard Kovacs, June 15, 2023

Application Security
Patch Tuesday: Critical Flaws in Adobe Commerce Software
Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks.
Ryan Naraine, June 13, 2023

Application Security
US Government Provides Guidance on Software Security Guarantee Requirements
OMB has published new guidance on federal agencies obtaining security guarantees from software vendors.
Ionut Arghire, June 12, 2023