Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly …
57% of vulnerabilities in 2020 were classified as critical or high severity
NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity – an all-time high. Redscan’s analysis looks beyond severity scores, …
Nearly 40% of consumers lost money to phone scams in 2020
Businesses and consumers are relying on the voice call more than ever during the pandemic with voice traffic up 184% in 2020 compared to 2019, according to a Hiya report. …
Accellion to retire enterprise file-sharing product targeted in recent attacks
U.S.-based cloud solutions company Accellion will soon retire FTA, its legacy enterprise file-sharing solution, vulnerabilities in which have recently been exploited by …
When it comes to vulnerability triage, ditch CVSS and prioritize exploitability
When it comes to software security, one of the biggest challenges facing developers today is information overload. Thanks in part to the widespread proliferation and use of …
Top 10 most exploited vulnerabilities from 2020
Vulnerability intelligence-as-a-service outfit vFeed has compiled a list of the top 10 most exploited vulnerabilities from 2020, and among them are SMBGhost, Zerologon, and …
Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …
The effectiveness of vulnerability disclosure and exploit development
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …
Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive …
Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …
Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)
For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop …
Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …
Featured news
Resources
Don't miss
- CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
- Deepfake attacks could cost you more than money
- Coinbase suffers data breach, gets extorted (but won’t pay)
- Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
- Building cybersecurity culture in science-driven organizations