Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

A circuit board with CPU / chip displaying glowing binary code.
cisco logo fit

Microsoft logo

Microsoft security vulnerabilities drop after five-year rise

While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.

A magnifying lens exposes an exploit amid binary code.

CISA issues emergency warning over two new VMware vulnerabilities

The U.S. Cybersecurity and Infrastructure Agency issues emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit.

security system vulnerabilities - a grid of locks with several unlocked

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

Red flag warning button [alert / danger / disaster]

CISA warns of attacks against internet-connected UPS devices

Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately.

A circuit board with CPU / chip displaying glowing binary code.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

security system vulnerabilities - a grid of locks with several unlocked

Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices

Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.

medical network h/ ealthcare IoT / hospital connections and communications

Critical flaws in remote management agent impacts thousands of medical devices

The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.

security system vulnerabilities - a grid of locks with several unlocked

Access broker found exploiting Log4j vulnerability in VMware

The Prophet Spider gang uses the Log4Shell vulnerability to target the Tomcat service in unpatched VMware Horizon systems.

Load More