News
Google leaks details for Chromium bug that can turn browsers into bots
1+ week, 14+ hour ago (508+ words) Chromium (the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others) contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to…...
Contractor's public GitHub account exposed Gov Cloud and CISA credentials
1+ week, 3+ day ago (586+ words) Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That's according to cybersecurity reporter Brian Krebs, who first broke the news over…...
Cisco warns of an actively exploited SD-WAN flaw with max severity
2+ week, 1+ day ago (514+ words) Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass vulnerability…...
AI agent finds 18-year-old remote code execution flaw in Nginx
2+ week, 1+ day ago (371+ words) Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program's code for…...
Meet Fragnesia, the third Linux kernel vulnerability in a month
2+ week, 1+ day ago (303+ words) Linux admins reeling from handling last month's Copy Fail and last week's Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. "This is a significant vulnerability," Robert Beggs, head of incident response firm Digital Defence, told CSO....
PraisonAI vulnerability gets scanned within 4 hours of disclosure
2+ week, 2+ day ago (232+ words) A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub…...
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
2+ week, 2+ day ago (387+ words) Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past,…...
cPanel flaw exposes enterprises to hosting supply-chain risks
2+ week, 4+ day ago (600+ words) A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked…...
Google discovers weaponized zero-day exploits created with AI
2+ week, 5+ day ago (454+ words) The Google Threat Intelligence Group (GTIG) today released evidence of a zero-day exploit developed by a cybercriminal group with the help of AI. It marks the first time the security research group has identified what it believes to be an…...
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile | CSO Online
3+ week, 17+ hour ago (270+ words) The five new vulnerabilities discovered in Ivanti's on-premises mobile endpoint management solution are a "classic example of the legacy trap" that CSOs must avoid, says an expert. "Patch today to survive the weekend," said Robert Enderle of the Enderle Group,…...