Please turn on your JavaScript for this page to function normally.

vulnerability disclosure

The state of coordinated vulnerability disclosure policies in EU

The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes …

ICS vulnerability disclosures surge 110% over the last four years

Industrial control system (ICS) vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half (2H) of 2021 compared to the …

28,695 vulnerabilities were disclosed in 2021 – the highest number on record

A total of 28,695 vulnerabilities were disclosed in 2021, according to a report from Risk Based Security. That total is the highest number on record, and it puts the amount of …

The Log4j debacle showed again that public disclosure of 0-days only helps attackers

On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on …

CISA launches US federal vulnerability disclosure platform

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) …

5G network slicing vulnerability leaves enterprises exposed to cyberattacks

AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental …

2020 vulnerability disclosures on track to exceed those from 2019

2020 vulnerability disclosures are on track to exceed 2019 despite a sharp decrease of 19.2% observed earlier in the year, according to Risk Based Security. The team …

2020 to reach vulnerability disclosure levels similar to those in 2019

The number of vulnerability disclosures is back on track to reach or bypass 2019 as we head into 2021, according to Risk Based Security. The team aggregated 17,129 …

D-Link DSR-1000AC router
D-Link routers vulnerable to remotely exploitable root command injection flaw

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC …

open source
Open source vulnerabilities go undetected for over four years

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and …

The effectiveness of vulnerability disclosure and exploit development

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw …

Don't miss

Cybersecurity news