Zeljka Zorz
How can SMBs extend their SecOps capabilities without adding headcount?
Which is more important for achieving organizational cybersecurity: security products or security people? The right answer to this (trick) question is that both are equally …
CTO of Security at Salesforce talks e-commerce cybersecurity threat trends for 2022
Online retailers are dealing with more cybersecurity threats than ever before, and the holiday (shopping) season is when they have to fend them off most aggressively. In this …
The Log4j saga: New vulnerabilities and attack vectors discovered
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …
Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations
Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …
Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to …
Ransomware hits HR solutions provider Kronos, locking customers out of vital services
The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group …
Enterprise email encryption without friction? Yes, it’s possible
Secure communication enables more efficient communication and the secure exchange of digital documents. It can also be a fantastic customer service tool and – crucially …
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …
Vulnerabilities in Eltima SDK affect popular cloud desktop and USB sharing services
SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like …
QNAP NAS devices targeted by new bitcoin miner
Unsecured QNAP NAS devices are getting covertly saddled with a new bitcoin miner, QNAP has warned users. “Once a NAS is infected, CPU usage becomes unusually high where …
It’s time to patch your SonicWall SMA 100 series appliances again!
SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although …
Featured news
Resources
Don't miss
- ProxyBridge: Open-source proxy routing for Windows applications
- Shadow AI risk: Navigating the growing threat of ungoverned AI adoption
- CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)
- Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480)
- To get funding, CISOs are mastering the language of money