Please turn on your JavaScript for this page to function normally.

vulnerability disclosure

Delinea Secret Server
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass …

Eddie Zhang
Vulnerability disclosure: Legal risks and ethical considerations for researchers

In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in …

open-source software
Open-source vulnerability disclosure: Exploitable weak spots

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are …

GNOME users at risk of RCE attack (CVE-2023-43641)

If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption …

Be prepared to patch high-severity vulnerability in curl and libcurl

UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …

Critical zero-days in Exim revealed, only 3 have been fixed

Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to …

How EU lawmakers can make mandatory vulnerability disclosure responsible

There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the …

CyFox disclose Stremio vulnerability, developers don’t agree on findings

UPDATE: August 2, 10:21 AM PT The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they …

Owncast, EaseProbe security vulnerabilities revealed

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and …

GitHub introduces private vulnerability reporting for open source repositories

GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …

Samsung Exynos
Samsung, Vivo, Google phones open to remote compromise without user interaction

Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung Galaxy, Vivo and Google Pixel mobile phones with no user …

ICS vulnerabilities: Insights from advisories, how CVEs are reported

SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, …

Don't miss

Cybersecurity news