Vulnerabilities
A hacker was able to access private customer reports on HackerOne after one of the platform’s security analysts inadvertently shared a session cookie.
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven...
Vulnerabilities
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
Application Security
The security defects allow unauthenticated users to take control of the open source software supply chain.
Vulnerabilities
The exploit timeline collapsed. Make sure your validation didn't.
Mobile & Wireless
One of the vulnerabilities Google addressed in Android with the December 2019 set of monthly patches is a critical vulnerability that could result in...
Application Security
Google has shared some data on the adoption of Transport Layer Security (TLS) by Android applications and it seems that significant progress has been...
Vulnerabilities
Vulnerabilities in document and imaging library Accusoft ImageGear could allow attackers to execute code remotely on vulnerable machines, Cisco Talos has discovered.The library, which...
Vulnerabilities
Microsoft recently addressed an OAuth 2.0 vulnerability that could allow an attacker to take over Azure accounts.The issue impacts specific Microsoft OAuth 2.0 applications...
Vulnerabilities
Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code...
Endpoint Security
Vulnerabilities discovered in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application could be exploited for DLL preloading, code execution, and privilege...
Cybercrime
Norwegian app security company Promon on Monday disclosed the existence of a vulnerability that has been exploited by tens of malicious Android apps, and...
Malware & Threats
Ohio detected and thwarted an election-related cyber attack earlier this month, the state’s elections chief said.Republican Secretary of State Frank LaRose said the “relatively...
ICS/OT
A critical vulnerability affecting some Relion protection devices from ABB can be exploited to take control of a device or cause it to become...
Cybercrime
Adobe-owned e-commerce platform Magento recently informed some Magento Marketplace users that an unauthorized third-party had gained access to their account information.
Vulnerabilities
Kaspersky has patched several vulnerabilities affecting the web protection features present in its Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small...
Mobile & Wireless
Trend Micro security researchers have discovered thousands of Android applications impacted by the GIF processing vulnerability that was patched recently in WhatsApp.
ICS/OT
Kaspersky researchers have identified dozens of vulnerabilities in four popular open source virtual network computing (VNC) systems, but fortunately the majority of them have...
Cloud Security
Security and web performance services provider Cloudflare this week announced the open source availability of Flan Scan, its lightweight network vulnerability scanner.
Management & Strategy
Google on Thursday announced that it’s expanding its Android bug bounty program, and certain types of exploits can now earn researchers up to $1.5...
Vulnerabilities
An update for the popular WordPress plugin Jetpack addresses a critical security flaw that has existed for more than two years. With over 5 million...
Mobile & Wireless
Critical vulnerabilities that have been fixed years ago are still present in many popular Android applications due to their developer’s failure to apply patches...
Malware & Threats
The DopplePaymer ransomware spreads via existing Domain Admin credentials, not exploits targeting the BlueKeep vulnerability, Microsoft says.
Vulnerabilities
A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)