Americas

Asia

Europe

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

HomeVulnerabilities

Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

Jump to
Latest Articles Events Resources Podcasts
news
Image

Androxgh0st botnet integrates Mozi payloads to target IoT devices

The malware has added exploits for more web applications and devices to its arsenal and some of them seem to be inherited from an older botnet called Mozi.

By Lucian Constantin
08 Nov 20245 mins
BotnetsThreat and Vulnerability ManagementVulnerabilities
news
Image

Cisco IoT wireless access points hit by severe command injection flaw

By John E. Dunn
07 Nov 20241 min
Wireless SecurityNetwork SecurityVulnerabilities
news
Image

Infostealers are using BYOVD to steal critical system data

By Shweta Sharma
07 Nov 20243 mins
VulnerabilitiesSecurity
opinion

Kicking dependency: Why cybersecurity needs a better model for handling OSS vulnerabilities

By Chris Hughes
06 Nov 202411 mins
Threat and Vulnerability ManagementSupply ChainSecurity Software
news

Okta’s ‘secure by design’ pledge suffers a buggy setback

By Shweta Sharma
05 Nov 20244 mins
AuthenticationVulnerabilitiesSecurity
news

A new SharePoint vulnerability is already being exploited

By Daniel Olszewski
04 Nov 20243 mins
Windows SecurityVulnerabilitiesSecurity
news

Critical SolarWinds flaw finds exploitations in the wild despite available fixes

By Shweta Sharma
17 Oct 20243 mins
VulnerabilitiesSecurity
news analysis

10 most critical LLM vulnerabilities

By Maria Korolov and Michael Hill
15 Oct 202414 mins
Generative AIVulnerabilities
news

Open source package entry points could be used for command jacking

By Howard Solomon
14 Oct 20247 mins
VulnerabilitiesOpen SourceSecurity

Articles

news

Iranian hackers use Windows holes to attack critical Gulf and Emirates systems

The group deployed sophisticated backdoors to exfiltrate sensitive data from compromised Exchange servers.

By Shweta Sharma
14 Oct 2024 3 mins
CyberattacksWindows SecurityVulnerabilities
news

Mozilla reveals critical vulnerability in Firefox

Browser needs to be updated to fix a zero-day bug that’s already being exploited.

By Howard Solomon
10 Oct 2024 3 mins
Browser SecurityZero-day vulnerabilityVulnerabilities
news

Admins warned to update Palo Alto Networks Expedition tool immediately

Six holes in the configuration migration tool could allow theft of cleartext passwords and more.

By Howard Solomon
10 Oct 2024 3 mins
Network SecurityVulnerabilities
feature

What’s old is new again: AI is bringing XSS vulnerabilities back to the spotlight

Cross-site scripting vulnerabilities (XSS) have vexed cybersecurity professionals for 30 years. Following a CISA and FBI alert, experts say unless these flaws are fixed soon, AI models may ingest and perpetuate them.

By Cynthia Brumfield
10 Oct 2024 10 mins
CSO and CISOSecurity PracticesSecurity Software
news

Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited

Patch Tuesday update addresses five zero days, with eight other vulnerabilities likely to be exploited within weeks.

By John E. Dunn
09 Oct 2024 4 mins
Windows SecurityZero-day vulnerabilityVulnerabilities
news

Hackers steal sensitive customer data from thousands of online stores that use Adobe tools

Despite layers of protection rolled out by Adobe, active CosmicSting exploits plague Adobe Commerce customers.

By Shweta Sharma
04 Oct 2024 3 mins
VulnerabilitiesSecurity
news

Critical Ivanti flaw exploited despite available patches

The SQL injection flaw allowing RCE is confirmed to have in-the-wild exploits despite Ivanti fixing it in May.

By Shweta Sharma
03 Oct 2024 3 mins
Vulnerabilities
news analysis

Remote code execution exploit for CUPS printing service puts Linux desktops at risk

Several vulnerabilities can be chained together to remotely register rogue printers and execute commands as root on many Linux systems.

By Lucian Constantin
27 Sep 2024 8 mins
HackingThreat and Vulnerability ManagementVulnerabilities
news

Microsoft privilege escalation issue forces the debate: ‘When is something a security hole?’

Fortra has announced what it dubs a Microsoft security hole. There is no dispute that the privilege escalation issue exists, but there is much argument over whether it’s a flaw.

By Evan Schuman
27 Sep 2024 5 mins
Windows SecurityAccess ControlVulnerabilities
news

A critical Nvidia Container Toolkit bug can allow a complete host takeover

The flaw allows a rogue user to escape their container and access entire file systems of the underlying host to perform code execution, and denial of service.

By Shweta Sharma
27 Sep 2024 4 mins
Vulnerabilities
news

Chinese hackers allegedly hacked US ISPs for cyber espionage

Chinese APT group, Salt Typhoon, hacked into ISP networks to steal sensitive US data and establish persistence.

By Shweta Sharma
26 Sep 2024 3 mins
Advanced Persistent ThreatsVulnerabilities
news analysis

Thousands of internet-exposed fuel gauges could be hacked and dangerously exploited

Despite a decade of warnings, devices used to monitor fuel tanks have critical vulnerabilities and poor code quality that could allow attackers to disable systems, steal fuel or even cause dangerous leaks.

By Lucian Constantin
25 Sep 2024 7 mins
Mining, Oil, and GasEnergy IndustryUtilities Industry
View all

Resources

whitepaper

Best Practices in Cybersecurity and Cyber Resilience

In today’s digital world, consumers and employees expect organizations of all types and sizes to operate without interruption. In fact, contractual obligations and service level agreements demand it. 

The post Best Practices in Cybersecurity and Cyber Resilience appeared first on Whitepaper Repository –.

By Cohesity Inc.
08 Nov 2024
Business OperationsCybercrimeData and Information Security
Image
whitepaper

Global Cyber Resilience Report 2024

By Cohesity Inc.
08 Nov 2024
Business OperationsData and Information SecurityRansomware
Image
whitepaper

Global Data Insights Survey

By Digital Realty Trust, L.P.
25 Oct 2024
Artificial IntelligenceBusiness OperationsEnterprise
Image
View all

Video on demand

video

Printers: The overlooked security threat in your enterprise | TECHtalk

Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online’s J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

07 Nov 2019 20 mins
HackingPrintersVulnerabilities
See all videos

Explore a topic

Show me more

news

US consumer protection agency bans employee mobile calls amid Chinese hack fears

By Gyana Swain
08 Nov 20244 mins
Hacking
Image
opinion

Choosing AI: the 7 categories cybersecurity decision-makers need to understand

By Christopher Whyte
08 Nov 202410 mins
CSO and CISOSecurity PracticesSecurity Software
Image
news

The US Department of Defense has finalized cyber rules for its suppliers

By John P. Mello Jr.
08 Nov 20245 mins
RegulationAerospace and Defense IndustryGovernment
Image
podcast

CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe

07 Aug 202417 mins
CSO and CISO
Image
podcast

CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)

17 Jul 202417 mins
CSO and CISO
Image
podcast

CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands

08 Jul 202418 mins
CSO and CISO
Image
video

CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1)

04 Nov 202419 mins
Supply ChainCritical InfrastructureSecurity
Image
video

CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry

23 Oct 202410 mins
Financial Services IndustrySecurity
Image
video

CSO Executive Sessions: New World Development’s Dicky Wong on securing critical infrastructure

16 Oct 202412 mins
Critical InfrastructureSecurity
Image