Vulnerability


  • Researchers warn of critical flaw found in Erlang OTP SSH

    The CVE could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms.

    By April 21, 2025
  • Microsoft strengthens in-house cyber governance, training

    The technology giant, as part of its Secure Future Initiative program, has overhauled security practices following a series of crippling nation-state-linked cyberattacks.

    By April 21, 2025
  • Sponsored by Palo Alto Networks

    How next-generation firewalls are evolving in a world of AI-enabled cyberattacks

    Discover how Next-Generation Firewalls are adapting to combat AI-enabled cyberattacks and evolving to protect organizations in today's dynamic threat landscape.

    By Rich Campagna, SVP of Product Management at Palo Alto Networks • April 21, 2025
  • Older SonicWall SMA100 vulnerability exploited in the wild

    CISA added the high-severity flaw, initially disclosed in 2021, to its known exploited vulnerabilities catalog this week.

    By April 17, 2025
  • CISA warns companies to secure credentials amid Oracle Cloud breach claims

    The agency is asking organizations to come forward if they detect suspicious activity or other evidence of a compromise.

    By April 17, 2025
  • Mitre CVE program regains funding as renewal deal reached

    The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities.

    By April 16, 2025
  • Hertz says personal data breached in connection with Cleo file-transfer flaws

    The company is the latest organization to investigate or disclose an incident linked to a monthslong attack spree.

    By April 15, 2025
  • Remote access tools most frequently targeted as ransomware entry points

    Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.

    By April 11, 2025
  • Windows CLFS zero-day exploited in ransomware attacks

    A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.

    By April 9, 2025
  • Sponsored by 10k Media

    How AI Agents can help AppSec teams keep up with AI-generated code vulnerabilities

    While AppSec teams are stuck with legacy scanners and backlogs, developers and hackers have adopted AI tools to accelerate their respective objectives.

    By Charlie Klein, Director of Product Marketing, Jit • April 8, 2025
  • CISA adds Ivanti Connect Secure vulnerability to KEV catalog

    CVE-2025-22457 is a critical stack buffer-overflow vulnerability. Ivanti had initially assessed it as a low-level product bug that could not be exploited remotely.

    By April 7, 2025
  • House members press Commerce Secretary Lutnick on DOGE-related job cuts at NIST

    The agency has already slashed dozens of probationary workers, and further cuts could have major consequences for cybersecurity standards and AI development. 

    By April 3, 2025
  • Sam’s Club investigating attack claim linked to Clop ransomware

    The prolific gang is linked to the exploitation of critical flaws in Cleo file transfer software.

    By April 1, 2025
  • Critical vulnerability in CrushFTP file transfer software under attack

    Questions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21.

    By April 1, 2025
  • CISA warns new malware targeting Ivanti zero-day vulnerability

    CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.

    By March 31, 2025
  • Cybersecurity firms brace for impact of potential Oracle Cloud breach

    As evidence continues to pile up, security providers warn customers to secure networks.

    By March 28, 2025
  • Solar power gear vulnerable to remote sabotage

    Security flaws underscore the risk of cyber threat actors commandeering parts of the electric grid.

    By Eric Geller, Contributing Reporter • March 28, 2025
  • Threat actor in Oracle Cloud breach may have gained access to production environments

    Researchers from CloudSEK are analyzing a data sample from a threat actor that claimed a massive breach involving 6 million records. 

    By March 27, 2025
  • DrayTek routers face active exploitation of older vulnerabilities

    The company’s devices are also randomly rebooting in connection with additional CVEs disclosed earlier this month.

    By March 26, 2025
  • Russian threat actor weaponized Microsoft Management Console flaw

    A threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month.

    By Elizabeth Montalbano, Contributing Reporter • Updated March 26, 2025
  • Critical vulnerabilities put Kubernetes environments in jeopardy

    Wiz researchers warned that several CVEs in Ingress NGINX Controller for Kubernetes put nearly half of all cloud environments at risk of takeover.

    By Updated March 25, 2025
  • Critical Apache Tomcat RCE vulnerability exploited

    Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, according to GreyNoise.

    By March 24, 2025
  • Sponsored by Veracode

    How ASPM gives you control over complex architectures

    ASPM gives organizations control by unifying risk data, automating threat analysis, and prioritizing vulnerabilities based on their business impact.

    By Sohail Iqbal, Chief Information Security Officer, Veracode • March 24, 2025
  • Coinbase originally targeted during GitHub Action supply chain attack

    Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for additional attacks.

    By March 21, 2025