vulnerability disclosure
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access
Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass …
Vulnerability disclosure: Legal risks and ethical considerations for researchers
In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in …
Open-source vulnerability disclosure: Exploitable weak spots
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are …
GNOME users at risk of RCE attack (CVE-2023-43641)
If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption …
Be prepared to patch high-severity vulnerability in curl and libcurl
UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …
Critical zero-days in Exim revealed, only 3 have been fixed
Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to …
How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the …
CyFox disclose Stremio vulnerability, developers don’t agree on findings
UPDATE: August 2, 10:21 AM PT The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they …
Owncast, EaseProbe security vulnerabilities revealed
Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and …
GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …
Samsung, Vivo, Google phones open to remote compromise without user interaction
Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung Galaxy, Vivo and Google Pixel mobile phones with no user …
ICS vulnerabilities: Insights from advisories, how CVEs are reported
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, …
Featured news
Sponsored
Don't miss
- Tech stack uniformity has become a systemic vulnerability
- How human-led threat hunting complements automation in detecting cyber threats
- 33 open-source cybersecurity solutions you didn’t know you needed
- Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
- AI cybersecurity needs to be as multi-layered as the system it’s protecting