vulnerabilities
DDoS attackers are pouncing on unpatched vulnerabilities
IoT manufacturers are failing to help prevent DDoS attacks by fixing known vulnerabilities, allowing criminals to launch years-long campaigns. Unpatched or poorly secured devices, purpose-built to keep costs down, allowed attackers to launch over 27,000 botnet-driven DDoS attacks during March alone. New figures from NetScout reveal that service providers were hit with an average of one attack every two minutes.…
SMA100 VPN vulnerabilities now exploited in attacks
Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. On Tuesday, SonicWall updated security advisories for the CVE-2023-44221 and CVE-2024-38475 security flaws to tag the two vulnerabilities as “potentially being exploited in the wild.” CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper…
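SonicWall classes CVE-2023-44221 as command injection, and the cause is cut off above, so the following is an added example of the bug class in general, not the SMA code or the actual flaw. It assumes a hypothetical diagnostic endpoint that takes a host parameter and hands it to a command-line tool (`echo` stands in for the real tool so the block runs anywhere); the inputs are constructed. It shows three things: the string-interpolated, `shell=True` version executes the attacker's second command; passing an argv list with no shell turns the metacharacters into an ordinary argument; and an allowlist on the parameter rejects the payload outright.

```python
import re
import subprocess

# Constructed sample inputs (not taken from the SonicWall advisory).
BENIGN_HOST = "10.0.0.5"
INJECTED_HOST = "10.0.0.5; echo INJECTED"

# Allowlist for a hostname or IPv4 literal: letters, digits, dots and hyphens only.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def is_valid_host(host: str) -> bool:
    """True only if the whole parameter matches the allowlist."""
    return HOST_RE.fullmatch(host) is not None


def diag_vulnerable(host: str) -> str:
    """Vulnerable: the parameter is interpolated into one string that /bin/sh parses,
    so ';' ends the intended command and starts the attacker's."""
    cmd = f"echo diag {host}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout


def diag_argv_only(host: str) -> str:
    """No shell: the argv list goes straight to execve, so the payload is a single
    literal argument and nothing else runs."""
    out = subprocess.run(["echo", "diag", host], capture_output=True, text=True, check=True)
    return out.stdout


def diag_hardened(host: str) -> str:
    """Defense in depth: reject anything that is not a host, then avoid the shell."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return diag_argv_only(host)


if __name__ == "__main__":
    # The second output line 'INJECTED' is the attacker's command running.
    print(diag_vulnerable(INJECTED_HOST), end="")
    # One line, metacharacters printed literally.
    print(diag_argv_only(INJECTED_HOST), end="")
    try:
        diag_hardened(INJECTED_HOST)
    except ValueError as exc:
        print(exc)
```

The argv form alone already neutralises the injection; the allowlist is there because a parameter that later reaches a different sink (a config file, a second process that does use a shell) should never have carried shell syntax in the first place.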
Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day
Microsoft’s Patch Tuesday security update for April included 134 flaws, one of which is an actively exploited zero-day flaw. The security patches for Windows 10 were unavailable when the Windows 11 patches were released. The Windows 10 patches have since arrived, but the delay was unusual. Tyler Reguly, associate director of security R&D…
Google’s Latest Patch Fixes 62 Security Vulnerabilities in Android
Google has released its April 2025 Android Security Bulletin, which includes patches for 62 vulnerabilities affecting Android devices. Two of the fixes address critical zero-day flaws that may have been exploited in “limited, targeted” attacks, according to Google. Zero-days are security vulnerabilities that are exploited before the software developer can identify the flaw and issue a patch. The security update…
Apple Patches Critical Vulnerabilities in iOS 15 and 16
On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.
CVE-2025-24200
The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is…
What are business logic vulnerabilities?
Cybersecurity often focuses on traditional threats like SQL injection, malware, and phishing attacks, but a more insidious risk is quietly undermining the security of many companies: business logic vulnerabilities. Business logic vulnerabilities pose a serious yet often overlooked threat to modern businesses. Unlike traditional security vulnerabilities, such as SQL injection or cross-site scripting (XSS), which exploit technical weaknesses, business logic…
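The distinction the teaser draws, a flaw that no input sanitiser catches because every field is well-formed, is easiest to see in code. The block below is an added example, not from the article: a hypothetical checkout total with a constructed catalog and coupon table. The vulnerable version is free of injection bugs and accepts only integers, yet it trusts the client's unit price, allows a negative quantity (turning a purchase into a credit) and lets one coupon be applied repeatedly. The hardened version enforces the invariants the first one silently assumed.

```python
from dataclasses import dataclass, field

# Constructed server-side data (sample values, not from the article).
CATALOG = {"widget": 2000, "gadget": 5000}   # unit prices in cents
COUPONS = {"SAVE10": 1000}                   # flat discount in cents, one use per order


@dataclass
class Order:
    # Each line is (sku, quantity, unit_price_cents as sent by the client).
    lines: list = field(default_factory=list)
    coupons: list = field(default_factory=list)


def total_vulnerable(order: Order) -> int:
    """Type-correct, injection-free, and still exploitable: the logic never asks
    whether a quantity may be negative, whether the client may set the price, or
    whether a coupon may be stacked with itself."""
    subtotal = sum(qty * price for _sku, qty, price in order.lines)
    discount = sum(COUPONS.get(code, 0) for code in order.coupons)
    return subtotal - discount


def total_hardened(order: Order) -> int:
    """Same computation with the business rules made explicit."""
    subtotal = 0
    for sku, qty, _client_price in order.lines:
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku!r}")
        if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
            raise ValueError(f"quantity must be a positive integer, got {qty!r}")
        subtotal += qty * CATALOG[sku]       # price comes from the server, never the client
    if len(set(order.coupons)) != len(order.coupons):
        raise ValueError("a coupon may be applied once per order")
    discount = sum(COUPONS.get(code, 0) for code in order.coupons)
    if discount > subtotal:
        raise ValueError("discount exceeds subtotal")
    return subtotal - discount


# Constructed abuse cases, each one a valid request at the type level.
NEGATIVE_QTY = Order(lines=[("widget", -3, 2000)])
CLIENT_PRICE = Order(lines=[("gadget", 1, 1)])
COUPON_REUSE = Order(lines=[("widget", 1, 2000)], coupons=["SAVE10", "SAVE10"])
LEGITIMATE = Order(lines=[("widget", 2, 2000)], coupons=["SAVE10"])


def rejects(order: Order) -> bool:
    """True if the hardened total refuses the order."""
    try:
        total_hardened(order)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("negative quantity:", total_vulnerable(NEGATIVE_QTY), "cents owed to the customer")
    print("client-set price: ", total_vulnerable(CLIENT_PRICE), "vs", total_hardened(CLIENT_PRICE))
    print("coupon reuse:     ", total_vulnerable(COUPON_REUSE), "rejected:", rejects(COUPON_REUSE))
    print("legitimate order: ", total_vulnerable(LEGITIMATE), "==", total_hardened(LEGITIMATE))
```

Note that the hardened function also recomputes the price from `CATALOG` rather than validating the client's copy; a rule that is re-derived server-side cannot be bypassed by a well-formed request.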
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. OpenAI says its services and platforms are used by 400 million users across businesses, enterprises, and governments worldwide every week. “We are significantly increasing the maximum bounty payout for exceptional and differentiated critical findings…
Rising API Vulnerabilities Demand a Multi-Layered Defense
APIs as a Critical Asset Under Threat
An application programming interface (API) is the foundation of modern digital ecosystems, enabling seamless communication and interoperability between various applications, services, and platforms. It facilitates data exchange and accelerates the deployment of advanced technologies across industries, from finance and healthcare to e-commerce and cloud computing. However, as APIs become more integral to business…
Old ServiceNow vulnerabilities could cause havoc for unpatched customers
Hackers are having another go at exploiting ServiceNow vulnerabilities first revealed a year ago, researchers at threat intelligence firm GreyNoise have warned. The three vulnerabilities – CVE-2024-4879 (Critical), CVE-2024-5217 (Critical) and CVE-2024-5178 (Medium) – were first discovered by researchers at Assetnote in May last year. ServiceNow deployed a patch immediately at the time, and later disclosed the issues in July…
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, two of which are critical-severity authentication bypass flaws in the ruby-saml library. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2; all earlier versions are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…