Network Security
Critical and high-severity vulnerabilities discovered by researchers in F5 Networks’ BIG-IP application delivery controller (ADC) allow a remote attacker to take complete control of...
Hi, what are you looking for?
SecurityWeek
Mobile & Wireless
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.
Vulnerabilities
Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library.
Data Protection
Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.
Vulnerabilities
Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data.
Network Security
Cisco on Wednesday announced that it has patched several vulnerabilities affecting its products, including flaws in Small Business routers and switches.
Cybercrime
Researchers have discovered a new Mac malware that encrypts files on compromised systems like a piece of ransomware, but also allows its operators to...
Privacy
Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but...
IoT Security
Netgear has started releasing patches for ten vulnerabilities affecting nearly 80 of its products, including flaws disclosed last year at the Pwn2Own hacking competition.
Vulnerabilities
Microsoft on Tuesday published advisories to provide details on two remote code execution vulnerabilities addressed in the Windows Codecs Library.Both of these vulnerabilities are...
ICS/OT
Industrial control systems (ICS) can be hacked through barcode scanners, researchers at cybersecurity services company IOActive said on Tuesday.
Malware & Threats
Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber...
Endpoint Security
Driver vulnerabilities can facilitate attacks on ATMs, point-of-sale (PoS) systems and other devices, firmware security company Eclypsium warned on Monday.
Vulnerabilities
NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code...
IoT Security
IBM has disclosed the details of several vulnerabilities found in powerline extenders made by China-based networking solutions provider Tenda. IBM says Tenda ignored its...
Management & Strategy
Sony this week announced the launch of a public PlayStation bug bounty program in partnership with hacker-sourced vulnerability hunting platform HackerOne.
Vulnerabilities
VMware informed customers on Tuesday that it addressed a total of 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity...
Management & Strategy
Cyber security is described as a form of asymmetric warfare. One side, the defenders, have limited numbers -- just the security team. The other...
Data Protection
Twitter has started informing business customers that their billing information may have been exposed in what the company has described as a “data security...
ICS/OT
Mitsubishi Electric and its subsidiary ICONICS have released patches for the vulnerabilities disclosed earlier this year at the Pwn2Own Miami hacking competition, which focused...
ICS/OT
A stored cross-site scripting (XSS) vulnerability in OSIsoft PI System, a product often present in critical infrastructure facilities, can be exploited for phishing, privilege...
Vulnerabilities
AMD last week said it was preparing patches for a vulnerability affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI)...
Network Security
A high-severity vulnerability patched recently by IBM in its Maximo asset management solution makes it easier for hackers to move around in enterprise networks,...
Vulnerabilities
Cisco announced this week that it has added new security features to Webex and that it has also patched several high-severity vulnerabilities in the...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)