Cybercrime
A China-linked threat actor tracked as APT41 has targeted many organizations around the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products,...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs.
Mobile & Wireless
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.
Vulnerabilities
Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library.
Data Protection
Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.
Vulnerabilities
Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service (DoS) and arbitrary code execution, Cisco Talos’ security researchers...
Vulnerabilities
VMware has released an update for the macOS version of Fusion to fix a privilege escalation vulnerability for which it initially released an incomplete...
Cloud Security
A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files.
Vulnerabilities
A vulnerability addressed recently in the WPvivid Backup Plugin could be exploited to obtain all files of a WordPress website, web security company WebARX...
Malware & Threats
Microsoft informed customers on Monday that it’s working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution.According to...
Vulnerabilities
One of the vulnerabilities that researchers from the University of York discovered in widely-used password managers could have resulted in malicious apps stealing users’...
Vulnerabilities
Cybercrime groups have been exploiting vulnerabilities in digital video recorders (DVRs) made by Taiwan-based surveillance solutions provider LILIN to increase the size of their...
Cybercrime
A new variant of the notorious Mirai malware has been delivered by cybercriminals to network-attached storage (NAS) devices made by Zyxel through the exploitation...
Vulnerabilities
The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities...
Vulnerabilities
Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of...
Vulnerabilities
The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac have been found to be incomplete.
Vulnerabilities
On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop...
Vulnerabilities
Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a...
Vulnerabilities
Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion,...
Vulnerabilities
VMware announced on Tuesday that it has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, Remote Console...
Malware & Threats
Trend Micro has patched several serious vulnerabilities in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of flaws that have...
Endpoint Security
Some users have complained that the Windows security update released recently by Microsoft to patch a wormable vulnerability related to Server Message Block 3.0...
Application Security
Checkmarx, a provider of tools for testing source code for security issues, announced on Monday that private equity firm Hellman & Friedman (“H&F”) has...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)