Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing...

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health has announced the Universal PatchinG and Remediation for Autonomous DEfense program aimed at developing a vulnerability management platform for healthcare IT teams. CVE-2023-43208, an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare's Mirth Connect data integration platform, has been patched by the company and publicly disclosed by Horizon3.

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS),...

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and...

New versions of Git are out, with fixes for five vulnerabilities, the most critical of which can be used by attackers to remotely execute code during a "Clone" operation.CVE-2024-32002 is a critical vulnerability that allows specially crafted Git repositories with submodules to trick Git into writing files into a.git/ directory instead of the submodule's worktree.

Let's explore why open-source AI security is lacking and what security professionals can do to improve it. First, it's essential to acknowledge that AI is not something different from software; it is software.

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947,...

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked...

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In...

In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the coupling between security patches and other code changes.