Security News

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The...

Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. [...]

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. [...]

More details released after devs allowed weeks to apply fixes We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity...

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services...

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code...

Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many...

Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures...

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day,...

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution...