Security News

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
2025-04-24 12:58

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace...

Hackers exploit WordPress plugin auth bypass hours after disclosure
2025-04-10 19:11

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
2025-03-17 17:08

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public...

Zabbix urges upgrades after critical SQL injection bug disclosure
2024-11-29 17:44

US agencies blasted 'unforgivable' SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that...

Oracle warns of Agile PLM file disclosure flaw exploited in attacks
2024-11-19 19:56

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]

SEC fines tech companies for misleading SolarWinds disclosures
2024-10-25 12:06

The Securities and Exchange Commission charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with...

SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures
2024-10-25 09:36

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that...

Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures
2024-10-22 16:31

Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange...

Jetpack fixes critical information disclosure flaw existing since 2016
2024-10-14 19:30

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. [...]

ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu
2024-07-15 15:00

Exclusive A Microsoft zero-day exploit that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday - but without any credit given to ZDI. The flaw, tracked as CVE-2024-38112, is in MSHTML - Microsoft's proprietary browser engine for Internet Explorer. This entire series of unfortunate events not only highlights problems with Microsoft's bug reporting program, but also the coordinated vulnerability disclosure process in general, according to Childs.