vulnerabilities

  • Blog
    digitpatrox2 days ago
    22

    Rising API Vulnerabilities Demand a Multi-Layered Defense

    APIs as a Critical Asset Under Threat An application programming interface (API) is the foundation of modern digital ecosystems, enabling seamless communication and interoperability between various applications, services, and platforms. It facilitates data exchange and accelerates the deployment of advanced technologies across industries, from finance and healthcare to e-commerce and cloud computing. However, as APIs become more integral to business…

    Read More »
  • Blog
    digitpatrox2 days ago
    25

    Old ServiceNow vulnerabilities could cause havoc for unpatched customers

    Hackers are having another go at exploiting ServiceNow vulnerabilities first revealed a year ago, researchers at threat intelligence firm GreyNoise have warned. The three vulnerabilities – CVE-2024-4879 (Critical), CVE-2024-5217 (Critical) and CVE-2024-5178 (Medium) – were first discovered by researchers at Assetnote in May last year. ServiceNow deployed a patch immediately at the time, and later disclosed the issues in July…

    Read More »
  • Blog
    digitpatrox1 week ago
    71

    GitLab patches critical authentication bypass vulnerabilities

    GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable.  GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    97

    Critical Zero-Day Vulnerabilities Found in These VMware Products

    Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data. How…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    42

    Google Just Patched 43 Security Vulnerabilities in Android

    Google’s first Pixel Drop of 2025 happened this week with a long list of upgrades for the company’s flagship phones, tablets, and watches. Google followed the update closely with the March 2025 Android Security Bulletin, with fixes for 43 malicious bugs—including two zero-day vulnerabilities that may actively be under “limited, targeted exploitation” on devices running Android OS. The patches cover…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    39

    CISA tags Windows, Cisco vulnerabilities as actively exploited

    CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it. The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    49

    86% of enterprise codebases contain open source vulnerabilities

    Security vulnerabilities in open source projects have been a major threat to enterprises for years – and new research shows the issue is still causing havoc. Research from Black Duck’s annual open source security report found 86% of codebases contained open source vulnerabilities. The report added that 81% of those were classified as high or critical risk, marking a s…

    Read More »
  • Blog
    digitpatroxFebruary 6, 2025
    71

    Five Eyes cyber agencies issue guidance on edge device vulnerabilities

    A host of cybersecurity agencies have teamed up to offer guidance on how to secure edge devices from ever-increasing threats. The advice covers network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers and internet-facing operational technology (OT) systems. Issued by the UK’s National Cyber Security Centre (NCSC), CISA,…

    Read More »
  • Blog
    digitpatroxFebruary 6, 2025
    60

    CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise

    Welcome. Tell us a little bit about you. This will help us provide you with customized content. First Name Last Name Job Title Company Name Company Size Select a size 1 – 4 5 – 9 10 – 24 25 – 49 50 – 99 100 – 249 250 – 499 500 – 999 1000 – 4999 5000 – 9999…

    Read More »
  • Blog
    digitpatroxFebruary 4, 2025
    55

    Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now

    Keeping your phone up to date and running the latest security patches is the easiest way to stay safe from hackers which is why if you own one of the best Android phones, you’re going to want to install the February 2025 Android security updates right away. As reported by BleepingComptuer, Google has released this month’s Android security updates which…

    Read More »
Load More
Back to top button
close