vulnerability

Common insecure configuration opens Apache Superset servers to compromise
An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. …

VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user …

PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)
An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application …

VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log …

Study of past cyber attacks can improve organizations’ defense strategies
Ransomware operators have been increasingly launching frequent attacks, demanding higher ransoms, and publicly exposing victims, leading to the emergence of an ecosystem that …

Security beyond software: The open source hardware security evolution
Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware. But …

HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API …

IT and security pros pressured to keep quiet about data breaches
Organizations globally are under tremendous pressure to address evolving threats like ransomware, zero-day vulnerabilities, and espionage, and they face challenges in …

Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)
Two vulnerabilities affecting various QNAP operating systems (CVE-2022-27597 and CVE-2022-27598) have been uncovered by Sternum. These vulnerabilities enable authenticated …

Millions still exposed despite available fixes
Although KEV catalog vulnerabilities are frequent targets of APT Groups, a large and exploitable attack surface remains due to software vendors’ lack of awareness and …

A bug revealed ChatGPT users’ chat history, personal and billing data
A vulnerability in the redis-py open-source library was at the root of last week’s ChatGPT data leak, OpenAI has confirmed. Not only were some ChatGPT users able to see …

The era of passive cybersecurity awareness training is over
Despite increased emphasis on cybersecurity from authorities and high-profile breaches, critical gaps in vulnerability management within organizations are being overlooked by …