Application Security
Security researchers at Eclypsium have figured out a way to exploit a set of high-severity vulnerabilities that expose millions of Dell computers to stealthy...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Application Security
Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or...
Application Security
Google today announced the expansion of the Open Source Vulnerabilities (OSV) database to include information on bugs identified in Go, Rust, Python, and DWF...
ICS/OT
Germany-based industrial solutions provider Weidmueller on Wednesday informed customers that it has patched a dozen vulnerabilities affecting some of its industrial WLAN devices.
Vulnerabilities
VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines.Carbon...
Vulnerabilities
Linux marketplaces that are based on the Pling platform are impacted by a cross-site scripting (XSS) vulnerability and potentially exposed to supply chain attacks,...
Vulnerabilities
A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges.
Vulnerabilities
A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company’s...
Audits
A new version of the open-source Tor Browser was released this week with patches for multiple vulnerabilities, including one that could allow malicious websites...
Application Security
The U.S. government’s National Security Agency (NSA) on Tuesday announced plans to fund the development of a knowledge base of defensive countermeasures for the...
Application Security
Multiple vulnerabilities recently patched in Zephyr's Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak...
Cloud Security
A security researcher claims he discovered a critical vulnerability in Apple’s password reset feature that could have been used to take over any iCloud...
ICS/OT
Eight vulnerabilities discovered in the Drawings software development kit (SDK) made by Open Design Alliance (ODA) impact products from Siemens and likely other vendors.
Vulnerabilities
A researcher has identified several vulnerabilities, including ones that have been rated high severity, in Cisco’s Small Business 220 series smart switches. The networking...
Audits
Google’s ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser isn’t going away anytime soon.
Application Security
Google wants to bring “salsa” to drive enforcement at the software supply chain security party.
Application Security
Threat hunters at Kaspersky are sounding a warning for an Iranian APT actor that has been silently conducting domestic cyber-surveillance operations for the last...
Cloud Security
Google has finally enabled end-to-end encryption (E2EE) for the Messages app in Android but the privacy-enhancing tool remains somewhat limited.Google announced end-to-end encryption is...
IoT Security
A critical vulnerability discovered in a ThroughTek P2P software development kit (SDK) used by multiple security camera manufacturers can be exploited to gain remote...
ICS/OT
Vulnerabilities discovered in some older Schneider Electric PowerLogic products can allow hackers to remotely take control of devices or disrupt them.
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)