Cybercrime
Attacks targeting a recently addressed vulnerability in the WordPress plugin File Manager are ramping up, warns the Wordfence Threat Intelligence team at WordPress security...
Hi, what are you looking for?
SecurityWeek
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Vulnerabilities
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.
Vulnerabilities
Two researchers have earned $20,000 from Google for reporting a sandbox escape vulnerability affecting the Chrome web browser.The flaw, tracked as CVE-2020-6573, has been...
Network Security
Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall...
Mobile & Wireless
A security vulnerability in the Cross-Transport Key Derivation (CTKD) of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption...
Cloud Security
Microsoft this week announced the public preview of new functionality to automatically deliver security patches to Windows virtual machines in Azure.
Data Protection
Researchers from universities in Germany and Israel have disclosed the details of a new timing attack that could allow malicious actors to decrypt TLS-protected...
Vulnerabilities
Intel this week released security patches to address a critical vulnerability in Active Management Technology (AMT) and Intel Standard Manageability (ISM).
Vulnerabilities
SAP this week announced the release of 10 new Security Notes as part of its September 2020 Security Patch Day, as well as updates...
Vulnerabilities
Managed Security Services provider Secureworks (NASDAQ:SCWX), announced on Wednesday that it has agreed to acquire acquire Delve Laboratories, a company that provides a vulnerability...
Mobile & Wireless
Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches.
Vulnerabilities
A researcher has disclosed the details of a cross-site scripting (XSS) vulnerability in Google Maps that earned him $10,000.Israel-based security researcher Zohar Shachar discovered...
Vulnerabilities
Microsoft’s Patch Tuesday updates for September 2020 fix 129 vulnerabilities, but the company says none of them has been exploited in attacks or made...
ICS/OT
Vulnerabilities affecting CodeMeter, a popular licensing and DRM solution made by Germany-based Wibu-Systems, can expose industrial systems to remote attacks, industrial cybersecurity company Claroty...
Vulnerabilities
Adobe on Tuesday informed customers that it has patched a total of 18 vulnerabilities across its Experience Manager (AEM), FrameMaker and InDesign products.
Vulnerabilities
Routers made by MoFi Network are affected by several vulnerabilities, including critical flaws that can be exploited to remotely hack a device.The vulnerabilities were...
Vulnerabilities
Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows.
Vulnerabilities
Facebook is giving third-party application developers three weeks to respond to vulnerability reports and three months to patch bugs before public disclosure.
Vulnerabilities
The highly popular WordPress plugin File Manager this week received a patch to address an actively exploited zero-day vulnerability.
Vulnerabilities
Google this week increased the reward amounts paid to researchers for reporting abuse risk as part of its bug bounty program.
Data Protection
Recent attacks targeting QNAP Network Attached Storage (NAS) devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say.
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)