Vulnerabilities
Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed.
Hi, what are you looking for?
SecurityWeek
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Vulnerabilities
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.
Vulnerabilities
Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The...
Cybercrime
Hackers continue to target the Drupal vulnerability named Drupalgeddon2 to install malware onto unpatched systems, Akamai’s security researchers have discovered.
Mobile & Wireless
The developers of the popular privacy-focused messaging application Signal have rushed to patch a serious vulnerability in the Android version that can be exploited...
Cyberwarfare
Advanced persistent threat (APT) actors have been exploiting recently disclosed vulnerabilities affecting enterprise VPN products from Fortinet, Palo Alto Networks and Pulse Secure, the...
Malware & Threats
Fully patched Pixel 2 devices, even those running Android 10 preview, are impacted by a vulnerability that has already been abused in attacks, a...
Vulnerabilities
Facebook recently patched a vulnerability in WhatsApp for Android that may have allowed hackers to execute arbitrary code and gain access to sensitive user...
ICS/OT
IoT security firm Armis has confirmed that the recently disclosed vulnerabilities tracked as Urgent/11 affect several real time operating systems (RTOS) other than VxWorks.
Identity & Access
Malicious actors may be able to easily access unprotected Cisco WebEx and Zoom meetings due to an API enumeration vulnerability, Cequence Security’s CQ Prime...
Vulnerabilities
Singapore’s Ministry of Defence (MINDEF) is inviting 400 white-hat hackers to find vulnerabilities in its systems, as part of a three-week program hosted on...
Email Security
A Critical vulnerability recently addressed in the popular open-source email server Exim could lead to remote code execution. Exim is an open source mail transfer...
Cybersecurity Funding
San Francisco-based vulnerability management solutions provider Kenna Security on Monday announced that it has raised $48 million in a Series D funding round, which...
ICS/OT
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) informed organizations last week that Tridium’s Niagara product is affected by two...
Malware & Threats
Threat intelligence firm Anomali on Monday announced the launch of Lens, a new tool designed to make it easier for organizations to find and...
Data Protection
Apple on Friday released security updates for iOS 13 and iPadOS to address a vulnerability that allowed third-party keyboard extensions to gain “full access”...
Mobile & Wireless
A researcher specializing in iOS security claims to have created a bootrom exploit that can be leveraged to jailbreak hundreds of millions of iOS...
Mobile & Wireless
A new variant of a recently disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have warned.
Cloud Security
VMware this week released patches to address a critical vulnerability in Harbor, which was found to impact VMware Cloud Foundation and VMware Harbor Container...
Application Security
An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated...
Cybercrime
Developers of the vBulletin forum software have rushed to release a patch for a recently disclosed remote command execution vulnerability, but the flaw has...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)