Mobile & Wireless
Cellebrite’s forensic applications do not include the type of security protections one would expect from a parsing software, which renders them susceptible to attacks,...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
ICS/OT
Industrial automation giant Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by...
Application Security
Security researchers at Human Security (formerly White Ops) have discovered a massive botnet of Android devices being used to conduct fraud in the connected...
Application Security
A remote code execution vulnerability identified on the central CocoaPods server could have allowed an attacker to poison any package download, security researcher Max...
Vulnerabilities
Over 96% of WordPress Vulnerabilities Disclosed in 2020 Affected Third-Party CodeMore than 580 WordPress vulnerabilities were disclosed in 2020, but a vast majority of...
Vulnerabilities
Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update (CPU), including patches for...
Cybercrime
SonicWall’s Email Security product is affected by three vulnerabilities that have been exploited in attacks. It took the vendor roughly two weeks to start...
Application Security
Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in...
Application Security
Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that...
Cyberwarfare
Following sanctions announced by the U.S. Department of the Treasury last week, Russian cyber-security firm Positive Technologies says the accusations are groundless.
Vulnerabilities
WordPress has released version 5.7.1 of its popular content management system (CMS), which brings more than 25 bug fixes, including patches for two security...
ICS/OT
Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that...
Network Security
A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices.
Application Security
Google’s Project Zero cybersecurity research unit on Thursday announced that it’s making some changes to its vulnerability disclosure policies, giving users 30 days to...
Incident Response
Vulnerabilities
More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of...
Vulnerabilities
Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne.Following a three-year private bug bounty program...
Vulnerabilities
The U.S. government on Thursday warned that Russian APT operators are exploiting five known -- and already patched -- vulnerabilities in corporate VPN infrastructure...
Vulnerabilities
A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on...
Vulnerabilities
On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)