Vulnerability


  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA calls for elimination of OS command injection vulnerabilities

    Threat groups target vulnerabilities in widely used network devices. CISA’s latest advisory urges software makers to eliminate them at the source.

    By July 11, 2024
  • SEC logo is on display outside its building in Washington, D.C.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    MOVEit legal liabilities, expenses pile up for Progress Software

    The prospective financial hit from a widely exploited vulnerability in the file-transfer service is growing. Progress confronts lawsuits, regulator scrutiny and government investigations.

    By July 10, 2024
  • Rendering of digital data code in safety security technology concept.
    Image attribution tooltip
    iStock/Getty Images Plus via Getty Images
    Image attribution tooltip

    Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs

    Microsoft researchers warn the vulnerabilities can be exploited, potentially resulting in remote code execution and denial of service.

    By July 3, 2024
  • A bicyclist rides by a sign that is posted in front of the Cisco Systems headquarters on August 10, 2011 in San Jose, California.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Cisco Nexus devices zero day raises alarms despite CVSS score

    Though the NX-OS CVE only has a 6.0 score, a suspected espionage actor is deploying custom malware to exploit a command injection vulnerability in a range of switching devices.

    By July 2, 2024
  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    700,000 OpenSSH servers vulnerable to remote code execution CVE

    The newly discovered vulnerability can be exploited by attackers to gain unauthenticated remote code execution with root privileges, Qualys researchers said.

    By July 1, 2024
  • software, code, computer
    Image attribution tooltip

    Markus Spiske

    Image attribution tooltip

    Memory-unsafe code runs rampant in critical open-source projects

    CISA and the FBI are part of an international effort to eliminate memory-unsafe languages which were found in more than half of critical open-source projects.

    By June 27, 2024
  • Binary code of ones and zeros
    Image attribution tooltip
    deberrar/Getty Images via Getty Images
    Image attribution tooltip

    Progress discloses more MOVEit CVEs, one year after 2023’s fiasco

    The enterprise software vendor and researchers have not observed active exploitation, but attempts are underway. Concerns are amplified by a spree of attacks that hit MOVEit last year.

    By Updated June 27, 2024
  • A male IT specialist holds a laptop and discusses work with a female server technician in a data center, standing before a rack server cabinet with a cloud server icon and visualization.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Cloud security becoming top priority for companies worldwide

    Application sprawl and the sensitive nature of the data organizations place in the cloud is complicating security, Thales found.

    By June 25, 2024
  • Green lights show behind plugged-in cables.
    Image attribution tooltip
    gorodenkoff/iStock via Getty Images
    Image attribution tooltip

    Nearly 150,000 ASUS routers potentially exposed to critical vulnerability

    Researchers said the CVE, which has a CVSS score of 9.8, raises additional concerns about the security of edge, small office and home office devices.

    By June 21, 2024
  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    TellYouThePass ransomware widely targets vulnerable PHP instances

    CISA added the CVE to its known exploited vulnerabilities catalog, but so far most of the infected hosts have been observed in China.

    By June 14, 2024
  • A close up of a man in a blue suit with a multicolored tie gesturing while seated at a desk.
    Image attribution tooltip
    Drew Angerer via Getty Images
    Image attribution tooltip

    Microsoft president promises significant culture changes geared towards security

    Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.

    By June 14, 2024
  • software developers using computer to write code sitting at desk with multiple screens work remotely in home at night.
    Image attribution tooltip
    MTStock Studio via Getty Images
    Image attribution tooltip

    Rust Foundation leads the charge to improve critical systems security

    The foundation is standing up a consortium to boost the responsible use of the programming language at a time of heightened security risks.

    By June 12, 2024
  • Rendering of digital data code in safety security technology concept.
    Image attribution tooltip
    iStock/Getty Images Plus via Getty Images
    Image attribution tooltip

    SolarWinds file-transfer vulnerability ripe for exploitation, researchers warn

    Rapid7 researchers said Serv-U CVE can easily be exploited, a similar scenario that has led to other smash-and-grab attacks.

    By June 12, 2024
  • Team of hackers dressed in black work on computers in dark room.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Critical PHP CVE is under attack — research shows it’s easy to exploit

    Researchers warn they are seeing thousands of attacks against various targets, including financial services and healthcare, in the U.S. and other countries. 

    By June 11, 2024
  • The red lock and its structure explode in a digital computer setting.
    Image attribution tooltip
    TU IS via Getty Images
    Image attribution tooltip

    Cyber risk is rising for poorly configured OT devices

    Since late last year, researchers have identified more politically motivated groups targeting water and other key critical infrastructure systems.

    By June 3, 2024
  • Smiling businesswoman in headphones taking notes, working with laptop and talking smartphone, blue glowing information protection icons. Padlock, cloud and digital interface. Cyber security concept - stock photo
    Image attribution tooltip
    iStock via Getty Images
    Image attribution tooltip
    Sponsored by Avaya

    Securing your call centers: Best practices for cybersecurity protection

    All call centers face cybersecurity threats because they handle information like credit card numbers, health records, and personal purchase history. However, call centers that support federal agencies have the added risk of handling highly sensitive information, making them prime targets for cybercriminals.

    By Jerry Dotson, Vice President of Public Sector, Avaya • June 3, 2024
  • Rendering of digital data code in safety security technology concept.
    Image attribution tooltip
    iStock/Getty Images Plus via Getty Images
    Image attribution tooltip

    Check Point Software VPN exploitation risk greater than previously stated: researchers

    An attacker can move laterally and gain far more access to files than previously disclosed, researchers warn. Threat activity has been traced back to April.

    By May 31, 2024
  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    NIST has a plan to clear the vulnerability analysis backlog

    The Cybersecurity and Infrastructure Security Agency and government contractor Analygence will help clear the National Vulnerability Database backlog.

    By May 31, 2024
  • Cyber Security Data Breach Protection Ransomware Email Phishing Encrypted Technology, Digital Information Protected Secured
    Image attribution tooltip
    Just_Super via Getty Images
    Image attribution tooltip

    Check Point Software links newly identified CVE to VPN attacks

    The company is now mandating customers download a hotfix designed to prevent attackers from gaining access.

    By May 29, 2024
  • NIST administration building in Gaithersburg, Maryland.
    Image attribution tooltip
    Courtesy of NIST
    Image attribution tooltip

    Critical CVEs are going under-analyzed as NIST falls behind

    NIST has analyzed less than 1 in 10 vulnerabilities added to the National Vulnerability Database since mid-February, according to VulnCheck research.

    By May 28, 2024
  • Team of hackers dressed in black work on computers in dark room.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Check Point Software customers targeted by hackers using old, local VPN accounts

    The incidents mark the latest attempts to compromise organizations by exploiting vulnerable edge devices used for remote access.

    By May 28, 2024
  • 3D digital circular dynamic wave.
    Image attribution tooltip
    Vitalii Pasichnyk/Getty via Getty Images
    Image attribution tooltip

    Remote-access tools the intrusion point to blame for most ransomware attacks

    Self-managed VPNs from Cisco and Citrix were 11 times more likely to be linked to a ransomware attack last year, At-Bay research found.

    By May 16, 2024
  • FBI seal displayed on a wall
    Image attribution tooltip
    Chip Somodevilla/Getty Images via Getty Images
    Image attribution tooltip

    Black Basta ransomware is toying with critical infrastructure providers, authorities say

    The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors.  Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.

    By May 13, 2024
  • A digital outline of a brain with lights emerging from the stem, creating a half circle that looks like the globe.
    Image attribution tooltip
    dem10 via Getty Images
    Image attribution tooltip

    Generative AI is a looming cybersecurity threat

    Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. 

    By Jen A. Miller , May 8, 2024
  • Two people sitting on tall chairs on a stage speaking.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    China-linked attackers are successfully targeting network security devices, worrying officials

    Espionage groups linked to China are heavily exploiting zero days, focusing on devices that lack endpoint detection and response capabilities, one expert said.

    By May 7, 2024