Security News

5 Impactful AWS Vulnerabilities You're Responsible For
2025-03-31 11:00

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains...

OpenAI now pays researchers $100,000 for critical vulnerabilities
2025-03-28 17:54

Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to...

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover
2025-03-25 16:53

Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based...

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
2025-03-21 05:09

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in...

GitLab patches critical authentication bypass vulnerabilities
2025-03-13 16:13

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. [...]

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
2025-03-13 12:26

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication...

Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
2025-03-12 11:56

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have...

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
2025-03-11 03:58

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited...

CISA Identifies Five New Vulnerabilities Currently Being Exploited
2025-03-05 12:00

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread.

Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities
2025-03-04 04:07

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The...