Security News

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a...

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace...

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public...

US agencies blasted 'unforgivable' SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that...

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]

The Securities and Exchange Commission charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with...

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that...

Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange...

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. [...]