IoT Security
Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability that can be exploited to install persistent and stealthy malware,...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven...
Vulnerabilities
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
Application Security
The security defects allow unauthenticated users to take control of the open source software supply chain.
Vulnerabilities
The exploit timeline collapsed. Make sure your validation didn't.
Mobile & Wireless
Trend Micro’s Zero Day Initiative (ZDI) on Tuesday announced the rules and prizes for its Pwn2Own Tokyo 2020 hacking competition, which invites white hat...
ICS/OT
Vulnerabilities discovered by researchers in VPN products primarily used for remote access to operational technology (OT) networks can allow hackers to compromise industrial control...
Cybercrime
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Friday to warn organizations about the risk posed by a recently patched...
Management & Strategy
Microsoft announced last week that it has added scenario-based rewards to the Windows Insider Preview (WIP) Bounty Program, with a top bounty of $100,000.
Cyberwarfare
The U.S. National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have issued a joint alert urging critical infrastructure...
Cyberwarfare
Chinese drone giant Da Jiang Innovations (DJI) on Thursday responded to the disclosure of security issues discovered by researchers in one of its Android...
Malware & Threats
Cisco this week informed customers that it has patched a high-severity path traversal vulnerability in its firewalls that can be exploited remotely to obtain...
Management & Strategy
Apple this week kicked off another initiative meant to improve the security of iPhones, by offering hackable phones to security researchers.
Data Protection
A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files.
Vulnerabilities
One of the vulnerabilities that Microsoft addressed on the July 2020 Patch Tuesday in .NET Framework, SharePoint, and Visual Studio could lead to remote...
Vulnerabilities
Citrix informed customers this week that it has patched a vulnerability in its Workspace app that can allow an attacker to remotely hack the...
Vulnerabilities
Adobe informed customers on Tuesday that it has patched several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products.
Cyberwarfare
A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source...
Endpoint Security
The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government agencies to immediately address a vulnerability affecting Windows DNS servers.
Management & Strategy
Virtual private network service ExpressVPN this week announced the launch of a bug bounty program managed by crowdsourced security testing platform Bugcrowd.
Vulnerabilities
Apple this week released patches to address numerous vulnerabilities across its products, including five arbitrary code execution issues affecting the audio components used by...
Cybercrime
Someone has been scanning the internet in search of SAP systems affected by the recently disclosed vulnerability dubbed RECON. The scanning activity started just...
M&A Tracker
An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point...
Network Security
Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)