Vulnerabilities
Adobe on Tuesday announced the release of security updates for its Flash Player, Framemaker and Experience Manager products.
Hi, what are you looking for?
SecurityWeek
Mobile & Wireless
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.
Vulnerabilities
Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library.
Data Protection
Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.
Vulnerabilities
Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data.
Vulnerabilities
Two critical vulnerabilities patched recently by IBM in its WebSphere Application Server product can be exploited by a remote, unauthenticated attacker to execute arbitrary...
Vulnerabilities
An online voting system approved in three US states is vulnerable to manipulation by hackers and may not protect ballot secrecy, according to an...
Vulnerabilities
A newly disclosed UPnP vulnerability that affects billions of devices can be exploited for various types of malicious activities, including distributed denial-of-service (DDoS) attacks...
Vulnerabilities
Nearly 1,000 vulnerabilities were found in popular open source projects in 2019, more than double compared to the previous year, according to a report...
Cybercrime
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has warned Windows users that a recently released proof-of-concept (PoC) exploit for...
ICS/OT
A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city’s traffic lights.
Cybercrime
Over a period of just a few days in late May, malicious actors attempted to steal database credentials from millions of WordPress websites by...
ICS/OT
Cisco this week announced that it has patched tens of vulnerabilities in its IOS software, including a dozen security flaws that impact the company’s...
Vulnerabilities
Members of Cisco’s Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker...
Vulnerabilities
Cybersecurity firm Trustwave on Wednesday disclosed the details of several vulnerabilities found by its researchers in SAP Adaptive Server Enterprise (ASE).
Vulnerabilities
Firefox 77 and Tor Browser 9.5 were released this week with patches for a variety of vulnerabilities, including several rated high severity.
Cybercrime
Several vulnerabilities affecting the Exim mail transfer agent (MTA) have been exploited by Russia-linked hackers, and administrators have been urged to patch immediately, but...
Mobile & Wireless
Google has started rolling out the June 2020 security patches for the Android operating system, which address a total of 43 vulnerabilities, including several...
Cloud Security
A recently patched vulnerability affecting VMware Cloud Director has a major impact for cloud services providers as it can allow an attacker to take...
Network Security
A vulnerability related to the IP-in-IP tunneling protocol that can be exploited for denial-of-service (DoS) attacks and to bypass security controls has been found...
Mobile & Wireless
Apple on Monday released security patches to address a zero-day vulnerability that had been used to jailbreak iPhones running iOS 13.5.Tracked as CVE-2020-9859, the...
Vulnerabilities
A security researcher claims Apple paid a $100,000 bug bounty reward for a critical vulnerability in Sign in with Apple, the company’s privacy-focused authentication...
Endpoint Security
Two researchers have discovered a new timing channel attack technique that remains effective even if multiple processes are running on a system.
Vulnerabilities
An update released last week by VMware for the macOS version of Fusion attempts to fix a serious privilege escalation vulnerability introduced by a...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)