vulnerability
Critical holes plugged in Cisco 220 Series smart switches
Cisco has fixed three vulnerabilities in its Cisco 220 Series smart switches and is urging owners to upgrade their firmware as soon as possible. Among these are two critical …
Digital bank Monzo urges customers to change PINs following security breach
Monzo, a UK-based mobile-only bank, has notified a subset of its users that their PINs have been inadvertently leaked into internal log files and were accessible to some of …
Online skimming: An emerging threat that requires urgent awareness and attention
A growing threat that all merchants and service providers should be aware of is web-based or online skimming. These attacks infect e-commerce websites with malicious code, …
Research shows that devices banned by US government lack basic security practices
As the August 13 deadline looms for the US ban on Chinese surveillance cameras, the news cycle is re-engaged with the issue. The panic about banned cameras still being in …
AWDL flaws open Apple users to tracking, MitM, malware planting
Vulnerabilities in Apple Wireless Direct Link (AWDL), the wireless protocol that underpins Apple’s AirPlay and AirDrop services, could allow attackers to track users in …
200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS
Armis researchers have discovered 11 vulnerabilities (including 6 critical RCE flaws) in Wind River VxWorks, a real-time operating system used by more than two billion devices …
Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways
Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ …
Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet
A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via …
Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …
CVSS 3.1: Refined and updated for easier adoption by the security community
The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a …
Small and mid-sized organizations remain especially vulnerable to persistent compromises
Despite sophisticated prevention security tools, small to mid-sized organizations continue to be especially vulnerable to long lasting breaches due to their inability to …
Citrix plugs critical Citrix SD-WAN flaws, patch ASAP!
Researchers have found critical vulnerabilities in Citrix SD-WAN, one of the most widely used SD-WAN solutions out there, and are urging administrators to patch them as soon …
Featured news
Resources
Don't miss
- Gainsight breach: Salesforce details attack window, issues investigation guidance
- New “HashJack” attack can hijack AI browsers and assistants
- Heineken CISO champions a new risk mindset to unlock innovation
- Small language models step into the fight against phishing sites
- Black Friday 2025 for InfoSec: How to spot real value and avoid the noise