Management & Strategy
GitLab has paid more than half a million dollars in rewards to security researchers who contributed to its public bug bounty program over the...
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven...
Schneider Electric last week informed customers that patches have been made available for vulnerabilities in some Modicon controllers and several EcoStruxure products.
SAP issued five new Security Notes this week as part of its December 2019 Security Patch Day, to which it also added 2 updates...
A newly disclosed attack targeting Intel processors utilizes CPU voltage modifications to expose data stored using Intel's Software Guard Extensions (SGX).
Security updates released by Apple this week address numerous vulnerabilities in macOS Catalina, iOS and iPadOS, Safari, and other software products.
Google this week released Chrome 79 to the stable channel with a total of 51 security fixes, including 37 reported by external researchers, two...
It’s been almost a decade since the first commercial “for-profit” bug bounty companies launched leveraging crowdsourced intelligence to uncover security vulnerabilities and simultaneously creating...
Adobe’s Patch Tuesday updates for December 2019 fix vulnerabilities in the company’s Acrobat and Reader, Brackets, Photoshop, and ColdFusion products.
Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 vulnerabilities, including a Windows zero-day that has been exploited in attacks alongside a...
When Hackers and Vendors Both Benefit, Your System May be the Biggest Loser
A security researcher has analyzed three hardware-based password vaults and discovered that credentials are stored in plaintext and survive hardware resets.
Virtual private network (VPN) services provider NordVPN on Monday announced the launch of a public bug bounty program on the HackerOne platform. The company says...
Google on Monday announced that it has released the source code of a tool designed to help developers identify vulnerabilities related to file access.
Two local privilege escalation vulnerabilities have been identified by a researcher in an enterprise VPN product from cloud-native networking solutions provider Aviatrix. Aviatrix claims to...
Germany-based industrial connectivity solutions provider Weidmueller has released firmware updates for many of its managed industrial Ethernet switches to address critical vulnerabilities.
VMware on Thursday informed customers that it has released patches for a critical remote code execution vulnerability in ESXi that was disclosed recently at...
A vulnerability that can be exploited to determine if a user is connected to a VPN and hijack active TCP connections in a VPN...
Microsoft this week issued guidance regarding Windows Hello for Business (WHfB) public keys that persist even after the devices they are tied to are...
Moxa Urges Users to Replace Discontinued Industrial AP Filled With Security Holes