Application Security
Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.
Hi, what are you looking for?
SecurityWeek
IoT Security
Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.
Vulnerabilities
The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS).
Email Security
Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.
Vulnerabilities
Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.
Cloud Security
VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.
Mobile & Wireless
Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.
Nation-State
A China-linked hackers are exploiting a vulnerability (CVE-2022-42475 ) in Fortinet FortiOS SSL-VPN, Mandiant claims.
Network Security
Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).
Application Security
A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.
Application Security
A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.
ICS/OT
Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.
Vulnerabilities
CISA gave federal agencies a February deadline to patch a critical vulnerability in the CentOS Control Web Panel utility.
Network Security
Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).
Supply Chain Security
A source code security audit led to the discovery of several vulnerabilities in Git, the widely used distributed version control system.
Supply Chain Security
Oracle's Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.
Application Security
Vendors and agencies are bypassing a security patch that Adobe released in February 2022 to address CVE-2022-24086.
Cloud Security
Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.
Management & Strategy
Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.
Management & Strategy
Cybercrime
Nation-State
Data Breaches
CISO Strategy
