Vulnerabilities
Adobe last week patched a total of nine vulnerabilities in its Magento e-commerce platform, including two critical issues.
Hi, what are you looking for?
SecurityWeek
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Vulnerabilities
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.
Endpoint Security
The Cybersecurity and Infrastructure Security Agency (CISA) on Friday informed users about the availability of patches for two remote code execution vulnerabilities that affect...
Management & Strategy
TikTok announced this week that it has launched a public bug bounty program in collaboration with HackerOne.
Network Security
Juniper Networks informed customers this week that it has patched tens of vulnerabilities, including serious issues that can be exploited to take control of...
Vulnerabilities
A significant number of SonicWall firewalls may be affected by a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly arbitrary...
Cybersecurity Funding
FOSSA Provides End-to-End Governance for Third-Party Code
Endpoint Security
The United States Cyber Command (USCYBERCOM) warns that users should apply the latest patches for Microsoft software to ensure they won’t fall victim to...
Vulnerabilities
The updates released by SAP for October 2020 include 15 Security Notes, including one that addresses a critical vulnerability. Six previously released Patch Day...
Mobile & Wireless
Bluetooth vulnerabilities that a Google security researcher has identified in the Linux kernel could be exploited to run arbitrary code or access sensitive information.
Vulnerabilities
One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows’ TCP/IP driver that...
ICS/OT
Cisco Talos this week released the details of several remotely exploitable denial-of-service (DoS) vulnerabilities found by one of its researchers in an industrial automation...
Vulnerabilities
PDF software developer Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS applications.The Chinese software company’s tools allow users...
Endpoint Security
Microsoft has fixed nearly 90 vulnerabilities with its October 2020 Patch Tuesday updates and while none of them has been exploited in attacks, several...
Vulnerabilities
Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. This is the only flaw fixed by the software giant this Patch...
Vulnerabilities
Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges.The...
Cloud Security
Virtual appliances, even if they are provided by major software or cybersecurity vendors, can pose a serious risk to organizations, according to a report...
Management & Strategy
Facebook has announced a series of updates for its bug bounty program, including bonus rewards for engaged researchers, as well as a faster bug...
Cybercrime
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that government networks have been targeted in attacks exploiting the Zerologon vulnerability in combination...
Cybercrime
Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group.
Vulnerabilities
A team of researchers has received hundreds of thousands of dollars in bug bounties from Apple for reporting 55 vulnerabilities, including ones that exposed...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)