Vulnerabilities | News, how-tos, features, reviews, and videos

padlock unlocked security hole flaw
'Danger' warning emblazoned across a glitched flag of China.

A broken link in a digital chaing / weakness / vulnerability

Unpatched old vulnerabilities continue to be exploited: Report

The top five exploited vulnerabilities in 2022 include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and virtual private network solutions from Fortinet, Citrix and Pulse Secure.

A firmware message appears on a circuit board.

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

A circuit board with CPU / chip displaying glowing binary code.

New speculative execution attack Retbleed impacts Intel and AMD CPUs

Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.

cisco logo fit

Cisco reports vulnerabilities in products including email and web manager

New vulnerabilities found in Cisco internal testing allow remote access and scripting that could lead to the loss of sensitive user data.

Microsoft logo

Microsoft security vulnerabilities drop after five-year rise

While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.

A magnifying lens exposes an exploit amid binary code.

CISA issues emergency warning over two new VMware vulnerabilities

The U.S. Cybersecurity and Infrastructure Agency issues emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit.

security system vulnerabilities - a grid of locks with several unlocked

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

Red flag warning button [alert / danger / disaster]

CISA warns of attacks against internet-connected UPS devices

Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately.

A circuit board with CPU / chip displaying glowing binary code.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

security system vulnerabilities - a grid of locks with several unlocked

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.

medical network h/ ealthcare IoT / hospital connections and communications

Critical flaws in remote management agent impacts thousands of medical devices

The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.

security system vulnerabilities - a grid of locks with several unlocked

Access broker found exploiting Log4j vulnerability in VMware

The Prophet Spider gang uses the Log4Shell vulnerability to target the Tomcat service in unpatched VMware Horizon systems.

Top News