vulnerability

2025 DBIR Analysis: Edge Device Vulnerabilities and Remediation Trends

CVE News

2025 DBIR Analysis: Edge Device Vulnerabilities and Remediation Trends

The 2025 Verizon Data Breach Investigations Report (DBIR) highlights a concerning 34% year-over-year increase in vulnerability exploitation,...

Honeypot Maintenance Challenges and DShield-SIEM Logging Insights

Blue-Team

Honeypot Maintenance Challenges and DShield-SIEM Logging Insights

Maintaining honeypot configurations and analyzing DShield-SIEM logs presents unique challenges for security teams. A recent incident involving...

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

CVE News

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

A critical zero-day remote code execution (RCE) vulnerability in Active! Mail, a widely used Japanese webmail client,...

Siemens TeleControl Server Basic SQL Injection Vulnerabilities: Critical Risks and Mitigations

CVE News

Siemens TeleControl Server Basic SQL Injection Vulnerabilities: Critical Risks and Mitigations

Siemens TeleControl Server Basic (TCSB) has been identified with multiple critical SQL injection vulnerabilities affecting versions prior...

iPhone Security Alert: Three Default Settings That Increase Cyber Risk

Blue-Team

iPhone Security Alert: Three Default Settings That Increase Cyber Risk

Apple iPhone users are being advised to review and disable several default settings that may expose them...

Critical Vulnerabilities in ABB MV Drives: Technical Analysis and Mitigation Strategies

CVE News

Critical Vulnerabilities in ABB MV Drives: Technical Analysis and Mitigation Strategies

ABB’s medium voltage (MV) drives, widely used in industrial automation and critical infrastructure, have been found to...

Windows 10 KB5055612 Preview Update Addresses WSL2 GPU Bug and Kernel Security

Blue-Team

Windows 10 KB5055612 Preview Update Addresses WSL2 GPU Bug and Kernel Security

Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2, addressing a critical GPU...

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Red-Team

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

A newly documented proof-of-concept attack named “Cookie-Bite” demonstrates how malicious Chrome extensions can hijack browser session cookies...

Critical RCE Vulnerability in Commvault Command Center (CVE-2025-34028)

CVE News

Critical RCE Vulnerability in Commvault Command Center (CVE-2025-34028)

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-34028, has been disclosed in Commvault Command Center...

Ripple’s xrpl.js Library Compromised in Supply Chain Attack: Technical Analysis

News

Ripple’s xrpl.js Library Compromised in Supply Chain Attack: Technical Analysis

A critical supply chain attack has compromised Ripple’s official JavaScript library, xrpl.js, injecting malicious code to steal...

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

CVE News

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

A high-severity vulnerability (CVE-2025-2594) has been identified in the WordPress User Registration & Membership plugin, allowing unauthenticated...

Apache Web Server SQL Injection Vulnerability (CVE-2025-23176): Technical Analysis and Mitigation

CVE News

Apache Web Server SQL Injection Vulnerability (CVE-2025-23176): Technical Analysis and Mitigation

A newly disclosed SQL injection vulnerability (CVE-2025-23176) in Apache Web Server has been rated with a CVSS...

Critical IBM Hardware Management Console Vulnerability Allows Local Command Execution (CVE-2025-1950)

CVE News

Critical IBM Hardware Management Console Vulnerability Allows Local Command Execution (CVE-2025-1950)

A newly disclosed critical vulnerability in IBM’s Hardware Management Console (HMC) for Power Systems could allow local...

Malicious npm and PyPI Packages Impersonate Developer Tools to Steal Credentials

Threat Intelligence

Malicious npm and PyPI Packages Impersonate Developer Tools to Steal Credentials

Recent findings by the Socket Threat Research Team reveal a growing trend of threat actors uploading malicious...

CISA Issues Five Critical ICS Advisories Covering Siemens, Schneider Electric, and ABB Systems

CVE News

CISA Issues Five Critical ICS Advisories Covering Siemens, Schneider Electric, and ABB Systems

The Cybersecurity and Infrastructure Security Agency (CISA) published five Industrial Control Systems (ICS) advisories on April 22,...

Critical Symantec pcAnywhere Remote Code Execution Vulnerability (CVE-2011-3478)

CVE News

Critical Symantec pcAnywhere Remote Code Execution Vulnerability (CVE-2011-3478)

A critical buffer overflow vulnerability in Symantec pcAnywhere, identified as CVE-2011-3478, allows unauthenticated attackers to execute arbitrary...

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Red-Team

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Display interfaces like HDMI, DVI, and DisplayPort contain overlooked attack surfaces that security professionals should understand. Research...

Rapid7’s Remediation Hub: A Shift from CVE-Centric to Risk-Based Vulnerability Management

Blue-Team

Rapid7’s Remediation Hub: A Shift from CVE-Centric to Risk-Based Vulnerability Management

Traditional vulnerability management often focuses on individual CVEs, leading to fragmented remediation efforts. Rapid7’s Remediation Hub introduces...

ManageWiki SQL Injection Vulnerability (CVE-2025-32956): Analysis and Mitigation

CVE News

ManageWiki SQL Injection Vulnerability (CVE-2025-32956): Analysis and Mitigation

A high-severity SQL injection vulnerability (CVE-2025-32956) has been identified in the ManageWiki MediaWiki extension, affecting versions prior...

Critical Buffer Overflow Vulnerability in H3C GR-3000AX Routers (CVE-2025-3854)

CVE News

Critical Buffer Overflow Vulnerability in H3C GR-3000AX Routers (CVE-2025-3854)

A critical buffer overflow vulnerability (CVE-2025-3854) has been identified in H3C GR-3000AX routers running firmware versions up...

Posts pagination

Previous 1 … 6 7 8 9 10 11 12 … 19 Next

vulnerability

2025 DBIR Analysis: Edge Device Vulnerabilities and Remediation Trends

Honeypot Maintenance Challenges and DShield-SIEM Logging Insights

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

Siemens TeleControl Server Basic SQL Injection Vulnerabilities: Critical Risks and Mitigations

iPhone Security Alert: Three Default Settings That Increase Cyber Risk

Critical Vulnerabilities in ABB MV Drives: Technical Analysis and Mitigation Strategies

Windows 10 KB5055612 Preview Update Addresses WSL2 GPU Bug and Kernel Security

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Critical RCE Vulnerability in Commvault Command Center (CVE-2025-34028)

Ripple’s xrpl.js Library Compromised in Supply Chain Attack: Technical Analysis

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

Apache Web Server SQL Injection Vulnerability (CVE-2025-23176): Technical Analysis and Mitigation

Critical IBM Hardware Management Console Vulnerability Allows Local Command Execution (CVE-2025-1950)

Malicious npm and PyPI Packages Impersonate Developer Tools to Steal Credentials

CISA Issues Five Critical ICS Advisories Covering Siemens, Schneider Electric, and ABB Systems

Critical Symantec pcAnywhere Remote Code Execution Vulnerability (CVE-2011-3478)

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Rapid7’s Remediation Hub: A Shift from CVE-Centric to Risk-Based Vulnerability Management

ManageWiki SQL Injection Vulnerability (CVE-2025-32956): Analysis and Mitigation

Critical Buffer Overflow Vulnerability in H3C GR-3000AX Routers (CVE-2025-3854)

You may have missed

Russia’s Throttling of Cloudflare: Technical Impact and Security Implications

Livestreamed Child Exploitation: Technical and Legal Implications of a Disturbing Case

UNFI Cyberattack: Supply Chain Disruption and Recovery Analysis

Hawaiian Airlines Cyberattack: IT Systems Compromised, Flight Operations Unaffected