It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring Framework. There have...
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from enterprise defenders as diverse vulnerable...
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE zero-day vulnerability in...
Rapid7 has patched a critical SQL injection vulnerability in Nexpose, its on-premises vulnerability management software. The flaw, which has a CVSS rating of 9.8, arose because valid search...
An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. How the attack...
Enterprise software firm Solarwinds has fixed a critical bug in its Web Help Desk software that allowed attackers to execute arbitrary Hibernate Query Language (HQL) code....
Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor (DOL), Inky‘s researchers have warned. The ploy? The...
As the world emerges from the Covid pandemic, the increase in cyber threats is among the greatest global risks, according to a report published by the World...
HCL Digital Experience (DX), a platform for building and managing web portals, contains multiple vulnerabilities that could potentially lead to remote code execution (RCE), researchers claim. However, the...
Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses (SMBs), is now rolling out in preview worldwide. It helps...
Recent Comments