#vulnerabilities

#cybersecurity
Privacy professionals
from ITPro
2 months ago

February was the worst month on record for ransomware attacks - and one threat group had a field day

February 2025 recorded 962 ransomware attacks, the highest ever, with Clop taking a leading role by exploiting new software vulnerabilities.
Information security
from Theregister
2 months ago

Ransomware scum abusing Microsoft Windows-signed driver

Ransomware attackers are exploiting vulnerabilities in Paragon Partition Manager's kernel-level driver to gain SYSTEM-level control over compromised Windows systems.
Information security
from The Hacker News
2 months ago

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

CISA added five critical vulnerabilities to its KEV catalog, highlighting active exploitation threats.
Immediate patch application required by March 31, 2025, for federal agencies.
Tech industry
from The Hacker News
2 months ago

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

A malicious campaign has been targeting Japanese organizations, exploiting CVE-2024-4577 and using Cobalt Strike for persistent access.
Tech industry
from TechCrunch
2 months ago

Broadcom urges VMware customers to patch 'emergency' zero-day bugs under active exploitation | TechCrunch

Broadcom warns of active exploitation of VMware vulnerabilities threatening corporate networks.
#software-security
#software-development
European startups
from TechCrunch
1 month ago

Endor Labs, which builds tools to scan AI-generated code for vulnerabilities, lands $93M | TechCrunch

AI-generated code brings new security challenges, with many organizations facing issues frequently.
Endor Labs shifted focus to address vulnerabilities in AI-created code, leading to significant funding success.
#security
Ruby on Rails
from The Hacker News
2 months ago

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

High-severity security flaws in ruby-saml library could allow authentication bypass.
Updating to versions 1.12.4 and 1.18.0 is essential for security.
DevOps
from DevOps.com
1 month ago

GitHub Brings Together Security, Developers to Fix Code Flaws - DevOps.com

GitHub is enhancing security for developers by linking them with experts to address vulnerabilities in code before they reach production.
from ITProUK
1 month ago
Information security

Businesses are taking their eye off the ball with vulnerability patching

from DevOps.com
1 month ago

Report: Bulk of Application Vulnerabilities Don't Require Immediate Attention - DevOps.com

An analysis of over 101 million application security alerts shows that only 2-5% require immediate action, indicating a need for better context-based prioritization to address alerts effectively.
Software development
Information security
from Techzine Global
1 month ago

AI is making the software supply chain more perilous than ever

The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.
Artificial intelligence
from WIRED
2 months ago

Researchers Propose a Better Way to Report Dangerous AI Flaws

AI researchers discovered a glitch in GPT-3.5 that led to incoherent output and exposure of personal information.
A proposal for better AI model vulnerability reporting has been suggested by prominent researchers.