Vulnerabilities
German software maker SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day....
Hi, what are you looking for?
SecurityWeek
Endpoint Security
A variant of DirtyFrag, the flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges.
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
ICS/OT
Siemens and Schneider Electric on Tuesday published a total of 25 advisories to address more than 40 vulnerabilities affecting their industrial control system (ICS)...
Application Security
Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine.
Mobile & Wireless
Apple has spent the past week rushing to develop a fix for a major security flaw which allows spyware to be downloaded on an...
Audits
Switzerland’s national postal organization Swiss Post is offering bug bounty rewards of up to €230,000 (roughly $271,000) for critical vulnerabilities identified in a future...
Data Protection
A five-year study conducted by cybersecurity firm Imperva showed that nearly half of on-premises databases globally have at least one vulnerability that could expose...
Cybercrime
The recently detailed Mēris botnet is targeting devices that were originally compromised three years ago, Latvian network equipment maker MikroTik says.
Application Security
Google has joined the list of major software providers scrambling to respond to zero-day exploits in the wild.
Application Security
Apple on Monday rolled out fixes for a pair of iOS and macOS security defects alongside a warning that these issues belong in the...
Mobile & Wireless
A team of researchers has identified what appears to be a new method that malicious actors could use to trick users into connecting to...
Application Security
A threat actor has leaked online access credentials for 87,000 Fortinet VPN devices that were apparently compromised using a vulnerability identified and patched two...
Application Security
Attack surface management pioneer Tenable on Monday announced plans to spend $160 million in cash to snap up Accurics, an early-stage startup selling cloud-native...
Vulnerabilities
WordPress 5.8.1, a security and maintenance release announced last week, fixes 60 bugs and several vulnerabilities.
Vulnerabilities
Citrix has released patches for several vulnerabilities in Hypervisor that could result in privileged code executed in a guest virtual machine compromising or crashing...
Application Security
Cisco this week released patches for multiple high-severity vulnerabilities in the IOS XR software and warned that attackers could exploit these bugs to reboot...
Application Security
A critical security vulnerability in HAProxy could allow attackers to bypass security controls and access sensitive data without authorization, according to a warning from...
Application Security
GitHub has published documentation on seven vulnerabilities in the Node.js packages and warned that exploitation could expose users to code execution attacks.
Application Security
CISA and OMB this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.
Cybercrime
A Canadian and U.S. dual-national was sentenced to 11 years in prison for laundering illicit funds from cybercrime schemes such as business email compromise,...
Application Security
Zoho has shipped an urgent patch for an authentication bypass vulnerability in its ManageEngine ADSelfService Plus alongside a warning that the bug is already...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)