Vulnerabilities
SAP has released patches for 16 vulnerabilities, including a critical-severity SSRF bug in NetWeaver (Adobe Document Services).
Hi, what are you looking for?
SecurityWeek
Email Security
Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch.
Network Security
Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.
Vulnerabilities
GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.
Malware & Threats
Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.
ICS/OT
Cisco Talos has disclosed the details of apparently unpatched vulnerabilities in MC Technologies industrial routers and the GoCast BGP tool.
Malware & Threats
The CVE-2024-54143 vulnerability affects the OpenWrt sysupgrade server and exposes users to risks of installing malicious firmware images.
Vulnerabilities
QNAP has released patches for multiple high-severity QTS and QuTS Hero vulnerabilities disclosed at the Pwn2Own Ireland 2024 hacking contest.
Vulnerabilities
SonicWall has released patches for multiple high-severity flaws in the SMA100 SSL-VPN secure access gateway.
Vulnerabilities
WatchTowr has published proof-of-concept (PoC) code for an unpatched vulnerability in the Mitel MiCollab enterprise collaboration platform.
Vulnerabilities
A critical directory traversal vulnerability in the SailPoint IdentityIQ IAM platform exposes restricted files to attackers.
Malware & Threats
Japanese device maker confirms zero-day router exploitation and warn that full patches won’t be available for a few weeks.
Vulnerabilities
More than 100 Cisco products are affected by an NX-OS vulnerability that allows attackers to bypass image signature verification.
Cloud Security
Veeam releases patches for two vulnerabilities in Service Provider Console, including a critical-severity remote code execution bug.
Vulnerabilities
A second vulnerability in Zyxel firewalls has been exploited in Helldown ransomware attacks over the past weeks.
Vulnerabilities
Cisco has updated an advisory for CVE-2014-2120 to warn customers that the vulnerability has been exploited in the wild.
Malware & Threats
The 'Bootkitty' prototype UEFI bootkit contains an exploit for LogoFAIL and was created in a South Korea university program.
Vulnerabilities
A critical-severity vulnerability in open source enterprise network monitoring tool Zabbix could lead to full system compromise.
Vulnerabilities
Microsoft informed customers that vulnerabilities affecting cloud, AI and other services have been patched, including an exploited flaw.
Supply Chain Security
ESET warns of a new reality: “UEFI bootkits are no longer confined to Windows systems alone.”
Vulnerabilities
VulnCheck warns of widespread exploitation of a year-and-a-half-old ProjectSend vulnerability for which multiple public exploits exist.
Vulnerabilities
Palo Alto Networks and SonicWall VPNs affected by vulnerabilities allowing remote code execution and privilege escalation.
Malware & Threats
The company warns that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.
Vulnerabilities
IBM has released patches for two high-severity remote code execution vulnerabilities in Data Virtualization Manager and Security SOAR.
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
(Torsten George)
Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.
(Stu Sjouwerman)
Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore.
(Alastair Paterson)
CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams.
(Marc Solomon)
Sightline Security’s founder explains why nonprofits need cybersecurity solutions tailored to their unique missions — and why vendors need to listen.
(Jennifer Leggio)