Ionut Arghire

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

B2B payment security provider NsKnox raised $17 million in a new funding round that brings the total raised by the company to $35.6 million.

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).

Nissan North America told roughly 25,000 customers that their personal information was exposed in a data breach via a third-party provider.

Oracle's Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Vendors and agencies are bypassing a security patch that Adobe released in February 2022 to address CVE-2022-24086.

Fortinet warned of three malicious PyPI packages containing code that fetches the Wacatac trojan and information stealer.

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Avast and Bitdefender have released decryptors to help victims of BianLian and MegaCortex ransomware recover their data for free.

A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery.

Canadian liquor distributor Liquor Control Board of Ontario said a web skimmer injected into its online store was used to steal data.

The Department of Defense is launching the third installment of its ‘Hack the Pentagon’ bug bounty program, which will focus on the Facility Related...

Software development service CircleCI said a recent data breach was the result of information stealer malware being deployed on an engineer’s laptop.

Most internet-exposed Cacti installations have not been patched against a critical-severity command injection vulnerability that is being exploited in attacks.

Researchers have seen exploitation attempts targeting a critical Control Web Panel (CWP) vulnerability, following the publication of proof-of-concept (PoC) code in early January.

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

Cisco this week announced that no patches will be released for a critical-severity vulnerability impacting small business RV016, RV042, RV042G, and RV082 routers, which...

British news organization The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.

Cybersecurity firm Group-IB is raising the alarm on a newly identified advanced persistent threat (APT) actor targeting government and military organizations in Asia and...