![F5](https://img.helpnetsecurity.com/wp-content/uploads/2023/06/12101425/f5-1-400x200.jpg)
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP …
![CVE](https://img.helpnetsecurity.com/wp-content/uploads/2024/02/23122922/cve-1400-400x200.jpg)
CISA starts CVE “vulnrichment” program
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created …
![TunnelVision](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/08150250/tunnelvision-1500-400x200.webp)
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on …
![Veeam](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/08110557/veeam-1500-400x200.webp)
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a critical vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam …
![CVE](https://img.helpnetsecurity.com/wp-content/uploads/2024/02/23122922/cve-1400-400x200.jpg)
Why cloud vulnerabilities need CVEs
When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and how you manage risk …
![printer](https://img.helpnetsecurity.com/wp-content/uploads/2020/05/14114130/printer-windows-400x200.jpg)
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)
For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print …
![CrushFTP](https://img.helpnetsecurity.com/wp-content/uploads/2024/04/23114915/crush_ftp-23042024-1456x816px-400x200.webp)
CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)
A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The …
![Ivanti](https://img.helpnetsecurity.com/wp-content/uploads/2024/01/19151341/ivanti-blocks2-1400-400x200.jpg)
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of …
![Patch Tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2024/03/12195711/patch_tuesday_2024-400x200.webp)
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked …
![NIST NVD](https://img.helpnetsecurity.com/wp-content/uploads/2024/04/03121316/nist_nvd-1500-400x200.webp)
NVD: NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, …
![Linux alert](https://img.helpnetsecurity.com/wp-content/uploads/2024/03/29183422/linux-alert-1500-2-400x200.webp)
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
UPDATE: April 9, 09:23 AM ET Two stories have been published since this initial release: Which Linux distros are affected and what can you do? XZ Utils backdoor: Detection …
![CVE](https://img.helpnetsecurity.com/wp-content/uploads/2024/02/23122922/cve-1400-400x200.jpg)
CVE count set to rise by 25% in 2024
The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 …