Supply Chain Security
SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is...
Hi, what are you looking for?
SecurityWeek
Cybercrime
A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls.
Vulnerabilities
GitLab CE/EE version 16.0.1 patches a critical arbitrary file read vulnerability tracked as CVE-2023-2825.
Vulnerabilities
Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances.
Vulnerabilities
OAuth vulnerabilities found in the widely used Expo application development platform could have been exploited for account takeovers.
Network Security
MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto.
Mobile & Wireless
Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.
Vulnerabilities
An XSS vulnerability in the Advanced Custom Fields WordPress plugin exposes more than 2 million sites to attacks.
Vulnerabilities
Fortinet has released patches for two high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy.
Cloud Security
Three vulnerabilities in the Azure API Management service could be exploited for internal asset access, DoS, firewall bypass, and the upload of malicious files.
Mobile & Wireless
Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor.
Vulnerabilities
Cisco warns of a critical-severity RCE vulnerability impacting EoL SPA112 2-Port Phone Adapters.
Vulnerabilities
Apple has released firmware updates for Beats and AirPods to patch a vulnerability that can be exploited to gain access to headphones via a...
Vulnerabilities
Vulnerabilities in Netgear network management system allow attackers to retrieve cleartext passwords and escalate privileges.
Vulnerabilities
Chrome 113 was released to the stable channel with 15 security fixes, including 10 that address vulnerabilities reported by external researchers.
Network Security
Open source BGP implementation FRRouting is affected by three vulnerabilities that can be exploited to cause disruption via DoS attacks.
Vulnerabilities
CISA warns of attacks exploiting an Oracle WebLogic vulnerability tracked as CVE-2023-21839, which was patched with the January 2023 CPU.
Vulnerabilities
Fortinet warns of a massive spike in malicious attacks targeting a five-year-old authentication bypass vulnerability in TBK DVR devices.
Malware & Threats
Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security...
Mobile & Wireless
Ransomware
Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data.
Application Security
Cybersecurity Funding
