Security News

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in...

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in...

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month.

A vulnerability in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the "Heavily biased" ECDSA nonces, researchers have discovered. According to PuTTY maintainers, 521-bit ECDSA is the only affected key type.

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Delinea Secret Server is a privileged access management solution "For the modern, hybrid enterprise".

Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS...

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the...

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score...

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. The innocent pretext disappeared and the real phishing email became visible.