vulnerability

The Evolution of Bug Hunting: How AI is Reshaping Vulnerability Discovery

Bug Bounties & Responsible Disclosure

The Evolution of Bug Hunting: How AI is Reshaping Vulnerability Discovery

Bug hunting has transformed from a niche activity into a professionalized field where security researchers earn substantial...

SberTech Expands Bug Bounty Program on BI.ZONE Platform, Increases Rewards to 200K RUB

Bug Bounties & Responsible Disclosure

SberTech Expands Bug Bounty Program on BI.ZONE Platform, Increases Rewards to 200K RUB

SberTech, a Russian software developer under the Sber ecosystem, has expanded its public bug bounty program on...

19 APT Groups Exploit Vulnerabilities and Spear Phishing in Asia-Based Attacks

APT-News

19 APT Groups Exploit Vulnerabilities and Spear Phishing in Asia-Based Attacks

Recent research by NSFOCUS Fuying Laboratory has uncovered 19 distinct Advanced Persistent Threat (APT) campaigns targeting organizations...

Analysis of Multi-Stage Carding Attack Targeting Outdated Magento Sites

Blue-Team

Analysis of Multi-Stage Carding Attack Targeting Outdated Magento Sites

A sophisticated multi-stage carding attack has been identified targeting Magento eCommerce sites running outdated versions, particularly Magento...

Rapid7’s Exposure Assessment Platform Buyer’s Guide: Key Features and Vendor Comparisons

News

Rapid7’s Exposure Assessment Platform Buyer’s Guide: Key Features and Vendor Comparisons

Rapid7 has released its Exposure Assessment Platform (EAP) Buyer’s Guide, a resource designed to help organizations navigate...

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

CVE News

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

A critical vulnerability (CVE-2025-34491) in GFI MailEssentials enables authenticated attackers to execute arbitrary code through .NET deserialization...

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

CVE News

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

A critical vulnerability (CVE-2025-46661) has been identified in IPW Systems Metazo versions up to 8.1.3, allowing unauthenticated...

Tenda W12 and i24 HTTPd Stack-Based Buffer Overflow Vulnerability (CVE-2025-4007): Technical Analysis and Mitigation

CVE News

Tenda W12 and i24 HTTPd Stack-Based Buffer Overflow Vulnerability (CVE-2025-4007): Technical Analysis and Mitigation

A critical stack-based buffer overflow vulnerability (CVE-2025-4007) has been identified in Tenda W12 and i24 routers, affecting...

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

CVE News

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

A critical vulnerability (CVE-2015-2079) in Usermin, a web-based administration tool, allows authenticated attackers to execute arbitrary code...

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

Threat Intelligence

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

The cybersecurity landscape continues to evolve with increasing automation, as evidenced by a 16.7% year-over-year rise in...

CISA Expands Known Exploited Vulnerabilities Catalog with Three Critical Flaws

CVE News

CISA Expands Known Exploited Vulnerabilities Catalog with Three Critical Flaws

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with three...

Analysis of iOS Darwin Notification Vulnerability: Impact and Mitigation

CVE News

Analysis of iOS Darwin Notification Vulnerability: Impact and Mitigation

A newly disclosed vulnerability in Apple’s iOS operating system (CVE-2025-24091) allows malicious applications to trigger an irreversible...

ISC Stormcast April 28, 2025: Key Cybersecurity Threats and Tools

Threat Intelligence

ISC Stormcast April 28, 2025: Key Cybersecurity Threats and Tools

The latest episode of the SANS Internet Storm Center (ISC) Stormcast, released on April 28, 2025, covers...

IXON VPN Client Vulnerabilities: Technical Analysis of Privilege Escalation Flaws

CVE News

IXON VPN Client Vulnerabilities: Technical Analysis of Privilege Escalation Flaws

Security researchers at Shelltrail have identified three critical vulnerabilities in the IXON VPN client that could allow...

Quick Agent Path Traversal Vulnerability (CVE-2025-26692): Analysis and Mitigation

CVE News

Quick Agent Path Traversal Vulnerability (CVE-2025-26692): Analysis and Mitigation

A critical path traversal vulnerability (CVE-2025-26692) affecting SIOS Technology’s Quick Agent (V2 and V3) has been disclosed,...

TOTOLINK N150RT Buffer Overflow Vulnerability (CVE-2025-3991): Analysis and Mitigation

CVE News

TOTOLINK N150RT Buffer Overflow Vulnerability (CVE-2025-3991): Analysis and Mitigation

A critical buffer overflow vulnerability (CVE-2025-3991) has been identified in TOTOLINK N150RT routers running firmware version 3.4.0-B20190525....

iPhone “Infostealer” Malware Threat: Analysis and Mitigation (2025 Update)

Threat Intelligence

iPhone “Infostealer” Malware Threat: Analysis and Mitigation (2025 Update)

A new wave of cyberattacks targeting iPhone users has emerged, with malware dubbed “Infostealer” compromising millions of...

Windows 11 KB5055627 Update: Security Implications and Enterprise Considerations

Blue-Team

Windows 11 KB5055627 Update: Security Implications and Enterprise Considerations

Microsoft’s KB5055627 preview cumulative update for Windows 11 24H2, released on April 25, 2025, introduces 30 changes...

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

CVE News

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

A recent Windows security update designed to mitigate a privilege escalation vulnerability has inadvertently introduced a new...

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

CVE News

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

A high-severity remote code execution (RCE) vulnerability (CVE-2025-3642) has been identified in Moodle’s EQUELLA repository integration, posing...

Posts pagination

Previous 1 … 8 9 10 11 12 13 14 … 24 Next

vulnerability

The Evolution of Bug Hunting: How AI is Reshaping Vulnerability Discovery

SberTech Expands Bug Bounty Program on BI.ZONE Platform, Increases Rewards to 200K RUB

19 APT Groups Exploit Vulnerabilities and Spear Phishing in Asia-Based Attacks

Analysis of Multi-Stage Carding Attack Targeting Outdated Magento Sites

Rapid7’s Exposure Assessment Platform Buyer’s Guide: Key Features and Vendor Comparisons

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

Tenda W12 and i24 HTTPd Stack-Based Buffer Overflow Vulnerability (CVE-2025-4007): Technical Analysis and Mitigation

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

CISA Expands Known Exploited Vulnerabilities Catalog with Three Critical Flaws

Analysis of iOS Darwin Notification Vulnerability: Impact and Mitigation

ISC Stormcast April 28, 2025: Key Cybersecurity Threats and Tools

IXON VPN Client Vulnerabilities: Technical Analysis of Privilege Escalation Flaws

Quick Agent Path Traversal Vulnerability (CVE-2025-26692): Analysis and Mitigation

TOTOLINK N150RT Buffer Overflow Vulnerability (CVE-2025-3991): Analysis and Mitigation

iPhone “Infostealer” Malware Threat: Analysis and Mitigation (2025 Update)

Windows 11 KB5055627 Update: Security Implications and Enterprise Considerations

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

You may have missed

Dark Web Data Exposure: Technical Analysis and Response for Security Professionals

Misinformation as a Threat Vector: Lessons from the Brown University Shooting Investigation

Google’s Gmail Address Change: A New Vector for Account Takeover and Social Engineering

The AI Investment Surge in India: A Strategic Analysis for Security Leaders