Security News

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within...

Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.According to the Hunters team, the vulnerability is based on Google Workspace's role in managing user identities across Google Cloud services.

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program...

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the...

The conversation also touches on the broader ethical considerations in cybersecurity and the impact of emerging technologies on vulnerability disclosure practices and offers advice for cybersecurity professionals grappling with these critical decisions. Some might argue that in the interest of the public, public disclosure is the most ethical approach as it ensures the issue is closed as quick as possible.

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and...

The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing...

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability in Sophos Web Appliance that has been patched by the company in April 2023.CVE-2023-1671 is a pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance that allows attackers to execute arbitrary code.

Intel has published a fix for a potential vulnerability that affected some Intel processors. On Nov. 14, Intel addressed the potential flaw in a variety of processors.

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.