Vulnerabilities | News, how-tos, features, reviews, and videos

green tree python
A broken link in a digital chaing / weakness / vulnerability

05 malware

Gigabyte firmware component can be abused as a backdoor

Attackers can abuse the UEFI firmware to inject executable malware code into the Windows kernel, compromising systems.


Inactive, unmaintained Salesforce sites vulnerable to threat actors

Research highlights the risks posed by inactive Salesforce sites that continue to pull sensitive business data and can be easily exploited by malicious actors.


Barracuda patches zero-day vulnerability exploited since October

The vulnerability stemmed from incomplete input validation of user-supplied .tar files.

A hook is cast at laptop email with fishing lures amid abstract data.

New phishing technique poses as a browser-based file archiver

The new technique has a hacker simulate an archiving app in the web browser to trick victims as they try to access a .zip domain.

VMware: Why CISOs Are Looking to Lateral Security to Mitigate Ransomware

How to check for new exploits in real time? VulnCheck has an answer

VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs.


Critical remote code execution flaws patched in Cisco small business switches

Some of the vulnerabilities could lead to complete compromise of the device as a proof of concept is publicly available.


Hackers exploit WordPress vulnerability within hours of PoC exploit release

The exploitation of the vulnerability leads to a cross-site scripting (XSS) attack in which a threat actor can inject malicious scripts, redirects, advertisements, and other forms of URL manipulation into a victim site.

mobile / email / laptop / computing

Microsoft fixes bypass for critical Outlook zero-click flaw patch

Microsoft rates the new Outlook vulnerability as medium severity, but Akamai researchers say it should be higher.

shutterstock 1850095465 internet API application programming interface

Azure API Management flaws highlight server-side request forgery risks in API development

New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.


Microsoft patches 3 vulnerabilities in Azure API Management

The vulnerabilities comprise url formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, according to cybersecurity firm Ermetic.

A magnifying lens exposes an exploit amid binary code.

Cybercrime group FIN7 targets Veeam backup servers

At least two Veeam instances have been compromised, possibly using a vulnerability patched in March.

network traffic earth

New DDoS amplification vector could enable massive attacks

A vulnerability in the Service Location Protocol on internet-connected devices could create a DDoS amplification factor of up to 2200X.

padlock unlocked security hole flaw

Cisco patches high and critical flaws across several products

Left unmitigated, the vulnerabilities could lead to unauthorized remote access, denial of service attacks, or privilege escalation.

hybrid cloud hurdles

Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks

Security teams take an average of 145 hours to solve alerts, while 80% of cloud alerts are triggered by just 5% of security rules in most environments.

Chrome logo on a phone with a lock image over it

Google urges users to update Chrome to address zero-day vulnerability

Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

hacker stealing dollars bank cyber crime cybercrime money theft

Microsoft patches vulnerability used in Nokoyawa ransomware attacks

The vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System driver.

Microsoft Windows 7 security patches/updates

Why you should patch the Windows QueueJumper vulnerability immediately

A critical flaw in Microsoft Message Queuing Service is likely to be exploited as many organizations could be unaware that it is active.

ChatGPT on a laptop

OpenAI starts bug bounty program with cash rewards up to $20,000

Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.

Load More