vulnerabilities
Blog
Rising API Vulnerabilities Demand a Multi-Layered Defense
APIs as a Critical Asset Under Threat: An application programming interface (API) is the foundation of modern digital ecosystems, enabling seamless communication and interoperability between various applications, services, and platforms. It facilitates data exchange and accelerates the deployment of advanced technologies across industries, from finance and healthcare to e-commerce and cloud computing. However, as APIs become more integral to business…
Old ServiceNow vulnerabilities could cause havoc for unpatched customers
Hackers are having another go at exploiting ServiceNow vulnerabilities first revealed a year ago, researchers at threat intelligence firm GreyNoise have warned. The three vulnerabilities – CVE-2024-4879 (Critical), CVE-2024-5217 (Critical) and CVE-2024-5178 (Medium) – were first discovered by researchers at Assetnote in May last year. ServiceNow deployed a patch immediately at the time, and later disclosed the issues in July…
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, including two critical-severity authentication bypass flaws in the ruby-saml library. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…
Critical Zero-Day Vulnerabilities Found in These VMware Products
Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data. How…
Google Just Patched 43 Security Vulnerabilities in Android
Google’s first Pixel Drop of 2025 happened this week with a long list of upgrades for the company’s flagship phones, tablets, and watches. Google followed the update closely with the March 2025 Android Security Bulletin, with fixes for 43 malicious bugs—including two zero-day vulnerabilities that may actively be under “limited, targeted exploitation” on devices running Android OS. The patches cover…
CISA tags Windows, Cisco vulnerabilities as actively exploited
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it. The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary…
86% of enterprise codebases contain open source vulnerabilities
Security vulnerabilities in open source projects have been a major threat to enterprises for years – and new research shows the issue is still causing havoc. Research from Black Duck’s annual open source security report found 86% of codebases contained open source vulnerabilities. The report added that 81% of those were classified as high or critical risk, marking a s…
Five Eyes cyber agencies issue guidance on edge device vulnerabilities
A host of cybersecurity agencies have teamed up to offer guidance on how to secure edge devices from ever-increasing threats. The advice covers network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers and internet-facing operational technology (OT) systems. Issued by the UK’s National Cyber Security Centre (NCSC), CISA,…
CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise
Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now
Keeping your phone up to date and running the latest security patches is the easiest way to stay safe from hackers, which is why, if you own one of the best Android phones, you’re going to want to install the February 2025 Android security updates right away. As reported by BleepingComputer, Google has released this month’s Android security updates which…