Security Flaw in CoCalc: One Click and Your Cloud is Ruined

TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click ...
Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

Over the past few weeks, vulnerabilities in proprietary Ivanti products, in particular Ivanti Connect Secure, Policy Secure, and ZTA gateways, have been making headlines for their active exploitation in the wild ...

Web Vulnerability Submissions Exploded in 2023

There was an alarming surge of user-submitted web vulnerability submissions in 2023—with a 30% increase compared to 2022—as open-scoped bug bounty programs evolved ...
Security Boulevard

Chinese Espionage Group Has Exploited VMware Flaw Since 2021

A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware’s vCenter Server since at least late ...

Ransomware Activity Surged in 2023, Likely to Evolve in 2024

A Rapid7 report found that last year was marked by an onslaught of ransomware attacks, and expects the same in 2024 ...

Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored

Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a remote code execution (RCE) flaw rated at a critical 10.0 on the CVSS v3 scale ...

CVE-2023-50164: A Critical Vulnerability in Apache Struts

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. ...

Code Execution Update: Improve WordPress Security

In the ever-evolving landscape of digital security, WordPress has recently released a critical code execution update, version 6.4.2, addressing a potential threat that could jeopardize the integrity of vulnerable sites. This update, ...
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS

TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both ...

5 Security Benefits of Application Mapping

Application mapping can have many advantages for organizations managing complex IT infrastructure, not the least of which is security ...