Application Security
A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable.
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Application Security
Israeli security giant Check Point Software Technologies has joined the cybersecurity shopping spree with Monday’s announcement of a deal to purchase Avanan, a startup...
ICS/OT
An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world...
Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure...
Vulnerabilities
Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical vulnerability that can be exploited to hack a video surveillance product...
Vulnerabilities
Microsoft this week started notifying customers of a critical vulnerability in Azure Cosmos DB that could have provided attackers with administrative access to Cosmos...
Application Security
The financially-motivated threat actor tracked as FIN8 has added a potent new backdoor to its arsenal and is already using it in attacks in-the-wild,...
Vulnerabilities
Cisco this week announced the release of patches for a critical vulnerability affecting its Application Policy Infrastructure Controller (APIC) and Cloud APIC products.
Vulnerabilities
Atlassian this week informed customers about the availability of patches for a critical vulnerability affecting the company’s Confluence enterprise collaboration product.
Management & Strategy
Microsoft on Wednesday warned Exchange customers that their deployments are exposed to attacks exploiting the ProxyShell vulnerabilities, unless the adequate patches have been installed.
Vulnerabilities
McAfee security researchers, in partnership with Culinda, identified a series of severe vulnerabilities in B. Braun’s Infusomat Space large volume infusion pump and SpaceStation...
Cybercrime
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released five new analysis reports detailing malware discovered on compromised Pulse Secure devices.
Vulnerabilities
VMware this week announced patches for a series of vulnerabilities in vRealize Operations, including four considered high severity.
Mobile & Wireless
Security researchers at Citizen Lab are documenting a new Apple iOS zero-click exploit being used to hijack data from fully patched iPhones in Bahrain.Citizen...
Vulnerabilities
Researchers have disclosed the details of a Zoom exploit that could have allowed malicious actors to achieve remote code execution without user interaction.
Cybercrime
Researchers noticed that threat actors started exploiting Realtek SDK vulnerabilities shortly after their details were made public.
Vulnerabilities
Organizations using security appliances from Sophos have been advised to make sure their devices are up to date after a researcher disclosed the details...
Cybercrime
The recently disclosed Windows Server vulnerability dubbed “PetitPotam” is being actively exploited in malicious attacks, including some aimed at deploying a piece of ransomware...
Cybercrime
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) over the weekend issued an alert to warn of malicious actors actively exploiting the recently disclosed...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)