Matrix has patched five serious vulnerabilities in its end-to-end encryption that break the confidentiality and authentication of messages. The flaws would allow a malicious server to read user...
A bug in vm2, a popular JavaScript sandbox environment, could allow malicious actors to bypass sandbox protections and stage remote code execution (RCE) on the host device. Vm2,...
Two Italian security researchers have netted more than $46,000 in bounties for the discovery of an Akamai misconfiguration, despite receiving nothing from Akamai itself. Akamai is...
Microsoft is developing a patch for two actively exploited zero-day vulnerabilities in Microsoft Exchange Server. The flaws, tracked as CVE-2022-41040 and CVE-2022-41082, were discovered in Microsoft’s enterprise mail server...
An unpatched remote code execution (RCE) vulnerability in Nepxion Discovery, an open source project that provides functionality for the Spring Cloud framework, has been made public....
Answering the survey—based on the National Institute of Standards and Technology’s cybersecurity framework—is mandatory for certain grant recipients. A survey the Cybersecurity and Infrastructure Security Agency...
Russian retail chain ‘DNS’ (Digital Network System) disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees. DNS is...
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code. Leading cybersecurity...
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code. Leading cybersecurity...
The Cybersecurity and Infrastructure Security Agency (CISA) has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and...
Recent Comments