Please turn on your JavaScript for this page to function normally.
tunnel
Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)

A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About …

Research result
Microsoft, GitHub announce application security testing tools for Azure DevOps

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services. Enabling GitHub …

Zyxel
Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after …

Apple
Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)

Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit …

Permit.io
Introducing Permit.io: Simplifying access control and policy management for developers

In this Help Net Security video interview, Or Weis, Co-Founder and CEO of Permit.io, discusses an innovative approach to managing permissions and access control within …

KeePass
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the …

email
Fraudsters send fake invoice, follow up with fake exec confirmation

Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones …

Advantech EKI-1524-CE
Advantech’s industrial serial device servers open to attack

Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The …

Dragos
Dragos blocks ransomware attack, brushes aside extortion attempt

A ransomware group has tried and failed to extort money from Dragos, the industrial cybersecurity firm has confirmed on Wednesday, and reassured that none of its systems or …

laptop
Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” …

Patch Tuesday
Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932)

For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass …

MSI
MSI’s firmware, Intel Boot Guard private keys leaked

The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools