Vulnerabilities
Popular WordPress plugin Code Snippets recently received a patch for a high-severity vulnerability that can be exploited to take control of affected websites.
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven...
Vulnerabilities
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
Application Security
The security defects allow unauthenticated users to take control of the open source software supply chain.
Vulnerabilities
The exploit timeline collapsed. Make sure your validation didn't.
Network Security
Cisco this week informed customers that some of its Small Business Switches are affected by high-severity vulnerabilities that can be exploited to obtain sensitive...
Endpoint Security
Many devices, including ones often found in enterprise environments, are likely still vulnerable to direct memory access (DMA) attacks, despite the fact that hardware...
Email Security
Researchers at cybersecurity firm Qualys have identified a potentially serious vulnerability in OpenSMTPD that can allow remote command execution with elevated privileges.
Vulnerabilities
Magento 2.3.4 was released this week with patches for six vulnerabilities, including three that are considered critical.The first of these severe security issues is...
Mobile & Wireless
Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products.A total of 23 vulnerabilities...
IoT Security
Measurement instruments that support the Standard Commands for Programmable Instruments (SCPI) protocol are exposed to hacker attacks, cybersecurity firm Trend Micro warned on Tuesday.
Management & Strategy
Google claims it paid out over $6.5 million through its bug bounty programs in 2019, which brings the total awarded by the company since...
Vulnerabilities
A vulnerability in the Zoom online meeting system could allow attackers eavesdrop on meetings and view all shared content, Check Point security researchers have...
ICS/OT
Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use...
Vulnerabilities
Intel on Monday informed customers that researchers have identified yet another speculative execution attack method that can be launched against systems that use its...
Cybercrime
Citrix has released the full set of patches for the recently disclosed security flaw tracked as CVE-2019-19781, but attacks on vulnerable systems are ramping...
Endpoint Security
A cyberattack disclosed recently by Mitsubishi Electric, which resulted in hackers gaining access to the company’s network and stealing corporate data, likely involved exploitation...
Vulnerabilities
Proof-of-concept (PoC) exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution.
Vulnerabilities
Cisco on Friday informed customers that it has patched a vulnerability that allowed unauthorized users to join password-protected Webex meetings. Cisco said the flaw...
Incident Response
Citrix has released a new set of patches for the recently disclosed CVE-2019-19781 vulnerability and partnered with FireEye for a tool that tells users...
ICS/OT
Researchers who took part this week in the Zero Day Initiative’s Pwn2Own Miami hacking competition have earned a total of $280,000 for exploits targeting...
Network Security
A critical vulnerability in the Cisco Firepower Management Center (FMC) could allow a remote attacker to bypass authentication and execute arbitrary actions on affected...
IoT Security
Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and...
ICS/OT
Some of Honeywell’s MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by hackers to take complete control of the...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)