Vulnerabilities
Google this week released Chrome 80 to the stable channel with 56 vulnerability patches and various other improvements to user security.
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs.
Mobile & Wireless
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.
Vulnerabilities
Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library.
Data Protection
Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.
Malware & Threats
Researchers have shown how hackers could silently exfiltrate sensitive information from air-gapped computers by manipulating the brightness of their screen.
IoT Security
Tens of millions of Cisco devices deployed in enterprise environments are exposed to attacks due to vulnerabilities identified by researchers in a proprietary discovery...
Vulnerabilities
Facebook has patched a vulnerability in WhatsApp Desktop that could allow an attacker to launch cross-site scripting (XSS) attacks and access files from the...
Vulnerabilities
A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on...
Mobile & Wireless
Google this week released the February 2020 set of security updates for the Android operating system, which address a total of 25 vulnerabilities, including...
Management & Strategy
File hosting company Dropbox says it has awarded researchers over $1 million for vulnerabilities reported through its bug bounty program.
Vulnerabilities
Vulnerabilities recently patched in Mini-SNMPD could be abused for denial-of-service (DoS) attacks or to obtain sensitive information, Cisco Talos’ security researchers report.
Cybercrime
Twitter on Monday announced that it has suspended a large number of fake accounts that had exploited an API vulnerability to match usernames to...
ICS/OT
Hackers are actively targeting a vulnerability in Linear eMerge E3 access controllers to infect the devices with malware and abuse them to launch distributed...
IoT Security
Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019. The...
Vulnerabilities
An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched...
Management & Strategy
Microsoft on Thursday announced the launch of an Xbox bug bounty program with rewards of up to $20,000 for critical remote code execution vulnerabilities.
Vulnerabilities
Popular WordPress plugin Code Snippets recently received a patch for a high-severity vulnerability that can be exploited to take control of affected websites.
Network Security
Cisco this week informed customers that some of its Small Business Switches are affected by high-severity vulnerabilities that can be exploited to obtain sensitive...
Endpoint Security
Many devices, including ones often found in enterprise environments, are likely still vulnerable to direct memory access (DMA) attacks, despite the fact that hardware...
Email Security
Researchers at cybersecurity firm Qualys have identified a potentially serious vulnerability in OpenSMTPD that can allow remote command execution with elevated privileges.
Vulnerabilities
Magento 2.3.4 was released this week with patches for six vulnerabilities, including three that are considered critical.The first of these severe security issues is...
Mobile & Wireless
Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products.A total of 23 vulnerabilities...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)