Vulnerabilities | News, how-tos, features, reviews, and videos
Browser needs to be updated to fix a zero-day bug that’s already being exploited.
Six holes in the configuration migration tool could allow theft of cleartext passwords and more.
Cross-site scripting vulnerabilities (XSS) have vexed cybersecurity professionals for 30 years. Following a CISA and FBI alert, experts say unless these flaws are fixed soon, AI models may ingest and perpetuate them.
Patch Tuesday update addresses five zero days, with eight other vulnerabilities likely to be exploited within weeks.
Despite layers of protection rolled out by Adobe, active CosmicSting exploits plague Adobe Commerce customers.
The SQL injection flaw allowing RCE is confirmed to have in-the-wild exploits despite Ivanti fixing it in May.
Several vulnerabilities can be chained together to remotely register rogue printers and execute commands as root on many Linux systems.
Fortra has announced what it dubs a Microsoft security hole. There is no dispute that the privilege escalation issue exists, but there is much argument over whether it’s a flaw.
The flaw allows a rogue user to escape their container and access entire file systems of the underlying host to perform code execution, and denial of service.
Chinese APT group, Salt Typhoon, hacked into ISP networks to steal sensitive US data and establish persistence.