Vulnerabilities/Threats

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.

Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.

A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.

Wireless chips that run when the iPhone iOS is shut down can be exploited.

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.