Ionut Arghire

A China-linked hackers are exploiting a vulnerability (CVE-2022-42475 ) in Fortinet FortiOS SSL-VPN, Mandiant claims.

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

B2B payment security provider NsKnox raised $17 million in a new funding round that brings the total raised by the company to $35.6 million.

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).

Nissan North America told roughly 25,000 customers that their personal information was exposed in a data breach via a third-party provider.

Oracle's Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Vendors and agencies are bypassing a security patch that Adobe released in February 2022 to address CVE-2022-24086.

Fortinet warned of three malicious PyPI packages containing code that fetches the Wacatac trojan and information stealer.

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Avast and Bitdefender have released decryptors to help victims of BianLian and MegaCortex ransomware recover their data for free.

A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery.