CVEMap: Open-source tool to query, browse and search CVEs
CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined …
45% of critical CVEs left unpatched in 2023
Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs …
Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)
Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that …
Creating a formula for effective vulnerability prioritization
In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik …
December 2023 Patch Tuesday: 33 fixes to wind the year down
Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day …
The hidden costs of Java, and the impact of pricing changes
An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone …
Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed …
October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty
UPDATE: October 10, 12:10 PM PT – October 2023 Patch Tuesday is now live: Microsoft fixes exploited WordPad, Skype for Business zero-days September has been a packed …
Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and …
The ransomware rollercoaster continues as criminals advance their business models
Ransomware shows no signs of slowing, with ransomware activity ending 13 times higher than at the start of 2023 as a proportion of all malware detections, according to …
Owncast, EaseProbe security vulnerabilities revealed
Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and …
High-risk vulnerabilities patched in ABB Aspect building management system
Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users …