Zeljka Zorz
Crypto audit of Threema revealed many vulnerabilities
Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break …
Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)
To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one …
You must build a security team. Where do you start?
Security veteran Chris Deibler, the new VP of Security at DataGrail, has been brought in to build the company’s security team to support its growth. A former Director of …
Rackspace ransomware attack was executed by using previously unknown security exploit
The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the …
LastPass says attackers got users’ info and password vault data
The August 2022 LastPass breach has resulted in potentially catastrophic consequences for the company and some of its users: attackers have made off with unencrypted customer …
New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)
Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on …
OSV-Scanner: A free vulnerability scanner for open-source software
After releasing the Open Source Vulnerabilities database (OSV.dev) in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source …
Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)
It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by …
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) …
Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group. “Fortinet …
Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)
A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the …
Apple unveils end-to-end encryption for iCloud backup, Photos, etc.
Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. Advanced Data Protection for iCloud “iCloud already …
Featured news
Resources
Don't miss
- Security work keeps expanding, even with AI in the mix
- Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)
- Google disrupts proxy network used by 550+ threat groups
- eScan AV users targeted with malicious updates
- Google agrees to pay $135 million over Android data harvesting claims