vulnerability

White House launches AI Cyber Challenge to make software more secure
The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the …

Downfall attacks can gather passwords, encryption keys from Intel processors
A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables …

Data exfiltration is now the go-to cyber extortion strategy
The abuse of zero-day and one-day vulnerabilities in the past six months led to a 143% increase in victims when comparing Q1 2022 with Q1 2023, according to Akamai. Ransomware …

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)
Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be …

Top 12 vulnerabilities routinely exploited in 2022
Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 …

VPNs remain a risky gamble for remote access
Organizations are expressing deep concerns about their network security due to the risks from VPNs, according to a new Zscaler report. The report stresses the need for …

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)
Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been …

Salesforce and Meta suffer phishing campaign that evades typical detection methods
The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email …

Android n-day bugs pose zero-day threat
In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days …

CyFox disclose Stremio vulnerability, developers don’t agree on findings
UPDATE: August 2, 10:21 AM PT The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they …

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted …

New persistent backdoor used in attacks on Barracuda ESG appliances
The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection …
Featured news
Resources
Don't miss
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)