SEC Consult
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, …
9 million Xiongmai cameras, DVRs wide open to attack
SEC Consult researchers have issued a warning about a handful of critical vulnerabilities they discovered in video surveillance equipment by Chinese manufacturer Hangzhou …
Vulnerability research and responsible disclosure: Advice from an industry veteran
“Everything changes once you have to supervise and mentor and schedule and coordinate and keep in mind all the things others don’t. You often have to hold back your own …
Crypto flaw in Oracle Access Manager can let attackers pass through
A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account. About the …
“Deliberately hidden” backdoor found on US government’s comms system
Researchers from Austrian infosec outfit SEC Consult have unearthed what they dubbed a “deliberately hidden backdoor account” in NX-1200, a network controller …
Featured news
Resources
Don't miss
- How state-sponsored attackers hijacked Notepad++ updates
- Open-source AI pentesting tools are getting uncomfortably good
- What boards need to hear about cyber risk, and what they don’t
- Security work keeps expanding, even with AI in the mix
- Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)