Vulnerabilities
Microsoft is working on patches for a critical remote code execution vulnerability in Server Message Block 3.0 (SMBv3) that exposes systems to “wormable” attacks.
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven...
Vulnerabilities
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
Application Security
The security defects allow unauthenticated users to take control of the open source software supply chain.
Vulnerabilities
The exploit timeline collapsed. Make sure your validation didn't.
Vulnerabilities
Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, including 26 critical issues affecting Windows, Word, Dynamics Business Central, and the company’s web...
Vulnerabilities
A researcher has earned $55,000 from Facebook for reporting a serious vulnerability that could have been exploited by hackers to steal access tokens and...
Cloud Security
Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection (LVI), but the chip maker has...
Cybercrime
Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch...
Cybercrime
A recently disclosed vulnerability affecting Zoho’s ManageEngine Desktop Central endpoint management solution is already being exploited in attacks.
Tracking & Law Enforcement
Newly introduced legislation seeks to protect journalist who publish classified information, as well as security researchers who discover classified government backdoors.
Vulnerabilities
Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks.
Vulnerabilities
Business tools development company Zoho says it’s working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product.
Data Protection
Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise...
Cybercrime
Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat.
Vulnerabilities
Cisco has released patches to address more than a dozen vulnerabilities across various products, including two code execution bugs in Webex Player that could...
Cyber Insurance
MoleRATs, a politically-motivated threat actor apparently linked to the Palestinian terrorist organization Hamas, has expanded its target list to include insurance and retail industries,...
Application Security
Google this week announced the launch of FuzzBench, a free and open source service for evaluating fuzzers.The fully automated service was designed to allow...
Cybercrime
Patches released over the past several days for multiple WordPress plugins address vulnerabilities that have been actively exploited as part of the same website...
Vulnerabilities
Software security updates NVIDIA released on Friday address multiple denial-of-service (DoS) vulnerabilities in GPU display drivers and Virtual GPU Manager software.
Data Protection
Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by...
Vulnerabilities
A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code...
Vulnerabilities
Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company’s 2019 Product...
IoT Security
Cisco says it will release patches for wireless devices affected by the recently disclosed Wi-Fi chip vulnerability named Kr00k. The company says the flaw...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)