Embedthis has patched a null byte injection vulnerability in GoAhead, the embedded web server deployed in hundreds of millions of devices. “A specially crafted URL with a %00 character embedded...
An XML External Entity (XXE) injection bug in WordPress could allow attackers to remotely steal a victim’s files, researchers have revealed. Security researchers at SonarSource who discovered the...
As machine learning (ML) systems become a staple of everyday life, the security threats they entail will spill over into all kinds of applications we use,...
Between October 2020 and February 2021, Unit 42 researchers periodically scanned and analyzed unsecured Kubernetes (also known as k8s) clusters on the internet. Kubernetes clusters can...
Computer scientists who submitted supposed security patches that actually added security vulnerabilities to the Linux kernel have been placed under investigation by their university. Qiushi Wu and Kangjie...
Open Bug Bounty has around 1,300 active bug bounty programs and 22,000 registered security researchers, and is approaching one million coordinated disclosures, resulting in around half a...
FireEye has released details of zero-day vulnerabilities in SonicWall’s Email Security software which allowed attackers to obtain access to corporate networks and install backdoors on victim devices. In...
Miscreants are exploiting a newly-discovered vulnerability in the Nagios XI network monitoring software to run crypto-mining malware. The CVE-2021-25296 remote command injection vulnerability is being abused to deploy the XMRig...
Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against...
QNAP Systems has patched a pair of critical security vulnerabilities that could allow unauthenticated attackers to take control of its network-attached storage (NAS) devices. The flaws,...