Vulnerabilities | News, how-tos, features, reviews, and videos
Operational technology threats aren’t just for industrial CISOs anymore, as enterprises from nearly every vertical increasingly connect OT devices to their IT networks.
Several vulnerabilities can be chained together to remotely register rogue printers and execute commands as root on many Linux systems.
Despite a decade of warnings, devices used to monitor fuel tanks have critical vulnerabilities and poor code quality that could allow attackers to disable systems, steal fuel or even cause dangerous leaks.
The cyberespionage group exploited a command injection flaw in Cisco's NX-OS software patched in July in order to deploy the malware implant
Customers of Oracle subsidiary NetSuite’s ERP offering may be unaware that their custom record types grant unauthenticated access to sensitive data readily consumable via NetSuite’s APIs.
The zero-click hole, which was patched by Microsoft Tuesday, could point to far more vulnerabilities in the form-based architecture of Outlook.
Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed.
PKfail: An AMI Platform Key discovered on GitHub led researchers to uncover test keys in firmware images from major PC and server vendors, something hackers could exploit if leaked to gain kernel control.
Last week’s patched Microsoft file spoofing flaw has been exploited in the wild by APT group Void Banshee by resurrecting Internet Explorer without the user’s knowledge.
The Indirector attack discovered by University of California San Diego researchers focuses on the indirect branch predictor of a CPU.