Eduard Kovacs

Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws.

SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product.

Researchers have disclosed the details of a new side-channel attack targeting AMD CPUs named Inception.

40 vulnerabilities have been patched by Google in the Android operating system with the release of the August 2023 security updates.

Google researcher discloses the details of an Intel CPU attack method named Downfall that may be remotely exploitable.

Identity-based attacks have soared in the past year, according to CrowdStrike’s 2023 Threat Hunting Report.

ICS Patch Tuesday: Siemens releases a dozen advisories covering over 30 vulnerabilities, but Schneider Electric has only published one advisory.

Microsoft has shared guidance and resources from its AI Red Team program to help organizations and individuals with AI security.

A sanctioned Russian missile maker appears to have been targeted by two important North Korean hacking groups.

A new vulnerability in the PaperCut MF/NG print management software can be exploited for unauthenticated, remote code execution.

CISA has unveiled its Cybersecurity Strategic Plan for the next 3 years, focusing on addressing immediate threats, hardening the terrain, and driving security.

Colorado Department of Higher Education targeted in a ransomware attack that resulted in a data breach impacting many students and teachers.

A critical Microsoft Power Platform vulnerability exposed authentication data and other secrets, but the tech giant has been accused of handling it poorly.

Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed.

CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor.

Forty-two cybersecurity-related merger and acquisition (M&A) deals were announced in July 2023.

Threat actors have exploited a Salesforce email service zero-day vulnerability and abused Meta features in a sophisticated phishing campaign.

The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023.

A new power side-channel attack named Collide+Power can allow an attacker to obtain sensitive information and it works against nearly any modern CPU.

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to Dragos.