Vulnerability Management

The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.

An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.

Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.

The entire security team should share in the responsibility to secure sensitive data.

New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.

Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

Unpatched Pixel devices are at risk for escalation of privileges, Google warns.

Users must continually be made aware of new threats, including attacks targeting shipping, the supply chain, email, and hybrid workers.

The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.

A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

Continued collaboration will help win the fight as cybersecurity remains a national priority. International and public-private cooperation is helping stem the damage from ransomware threats and cyberattacks.

The Shikitega malware takes over IoT and endpoint devices, exploits vulnerabilities, uses advanced encoding, abuses cloud services for C2, installs a cryptominer, and allows full remote control.