Tag: vulnerabilities

June 29, 2022

The presence of these vulnerabilities within the infrastructure of an organization could potentially expose it to a broad range of attacks. “Welcome to the 2022 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list (CWE™ Top 25). This […]

June 22, 2022

Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors, most of which they’ve attributed to inherent design flaws in equipment and a lax approach to security and risk management that have been plaguing the industry for decades, […]

June 22, 2022

The behavior, which is similar to that of suspicious or malicious applications, is related to Acrobat Reader’s use of the Chromium Embedded Framework (CEF), which has some incompatibility issues with certain security products. Minerva says it has observed a gradual […]

June 13, 2022

Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats give security teams an advantage. However, some threat actors […]

June 10, 2022

Tracked as CVE-2022-2007, the first of these bugs is described as a use-after-free in WebGPU. The security hole was reported by David Manouchehri, who received a $10,000 bug bounty reward for his finding. Use-after-free issues are triggered when a program […]

June 6, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina’s next-generation sequencing (NGS) software. Three of the flaws are rated 10 out of 10 for severity […]

May 23, 2022

Compromised credentials and identities, third-party breaches, API attacks, and application exploits are all foundational entry points for today’s hackers. Recent months have brought many high-profile breaches from Samsung and Nvidia to Okta and the continued aftermath of Log4j. Still, ultimately, […]

May 19, 2022

The actively exploited vulnerabilities are tracked as CVE-2022-22954 and CVE-2022-22960, and they allow remote code execution and privilege escalation, respectively. They affect VMware Workspace ONE Access, Identity Manager, and vRealize Automation, and they were patched in early April. Both vulnerabilities […]

May 18, 2022

Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory. While the plugin includes an extension control, […]

May 17, 2022

The exploited vulnerabilities, tracked as CVE-2022-22675 and CVE-2022-22674, were disclosed in late March. However, at the time, they were only patched in iOS, iPadOS and macOS Monterey, leaving Big Sur and Catalina users exposed. Apple has now patched CVE-2022-22675 with […]