vulnerability disclosure
How to get better results from bug bounty programs without wasting money
The wrong bug bounty strategy can flood your team with low-value reports. The right one can surface critical vulnerabilities that would otherwise slip through. A new academic …
Ruckus network management solutions riddled with unpatched vulnerabilities
Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the …
Vulnerabilities found in NASA’s open source software
Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of …
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …
Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal …
EU adopts Cyber Resilience Act to secure connected products
The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA …
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access
Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass …
Vulnerability disclosure: Legal risks and ethical considerations for researchers
In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in …
Open-source vulnerability disclosure: Exploitable weak spots
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are …
GNOME users at risk of RCE attack (CVE-2023-43641)
If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption …
Be prepared to patch high-severity vulnerability in curl and libcurl
UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …
Critical zero-days in Exim revealed, only 3 have been fixed
Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to …
Featured news
Resources
Don't miss
- Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)
- Microsoft revokes 200 certs used to sign malicious Teams installers
- A new approach to blockchain spam: Local reputation over global rules
- SAP zero-day wake-up call: Why ERP systems need a unified defense
- “Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)