Ionut Arghire

Cisco is warning of a zero-day vulnerability in Cisco ASA and FTD that can be exploited remotely, without authentication, in brute force attacks.

Check Point has observed a wave of phishing attacks launched via Google Looker Studio to steal credentials and funds from intended victims.

Emsisoft urges its users to update anti-malware and other security products after signing them with an improperly issued digital certificate.

APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023.

See Tickets is informing 300,000 individuals that their payment card information was stolen in a new web skimmer attack.

CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.

Cisco has released patches for CVE-2023-20238, a critical authentication bypass vulnerability in the BroadWorks Application Delivery Platform.

Vulnerabilities identified in the OAS Platform could be exploited to bypass authentication, leak sensitive information, and overwrite files.

Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys.

Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore.

Android’s September 2023 security update resolves a high-severity elevation of privilege vulnerability exploited in malicious attacks.

Google has released another weekly Chrome update, to address four high-severity vulnerabilities reported by external researchers.