vulnerability
Update Google Chrome ASAP to Fix a Critical Vulnerability
If you use Google Chrome, you need to update your browser right now. Google just released an emergency patch for three security vulnerabilities, one of which is a zero-day that has been actively exploited. Zero-days are high-severity flaws that are either actively exploited in the wild or publicly disclosed before the developer pushes an update to fix the vulnerability.…
Asus routers at risk from backdoor vulnerability
Analysts at cybersecurity firm GreyNoise have discovered an “ongoing wave of exploitation targeting Asus routers” that are exposed to the internet. According to the company, thousands of routers have been confirmed as being compromised, with the number continuing to increase. In a full analysis published by the company, it was noted that “anomalous network payloads … are attempting to…
Shifting left might improve software security, but developers are becoming overwhelmed – communication barriers, tool sprawl, and ‘vulnerability overload’ is causing serious headaches for development teams
Nearly half of enterprises are trying to “shift left” in a bid to shore up software security, but false positives, the faster pace of development thanks to AI, and challenges integrating tools are limiting success for developers. That’s according to research by AI security firm Pynt that focused on the adoption of shift left practices — referring to a strategy…
Google patches Chrome vulnerability used for account takeover and MFA bypass
“Unlike other browsers, Chrome resolves the Link header on subresource requests. But what’s the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,” he wrote. Link headers are used by websites to tell a browser about important page resources, for example, images, that it should preload. As…
The EU just launched its own vulnerability database
Cybersecurity experts have hailed the launch of the EU’s new vulnerability database as a positive step toward enhancing regional security. The new European Vulnerability Database (EUVD), unveiled by the ENISA, will provide organizations with a centralized platform aimed at providing up-to-date information on security flaws akin to MITRE’s CVE database. “The database provides aggregated, reliable, and actionable information such as…
MITRE’s near miss: Lessons learned for security and vulnerability management
In April, the MITRE Corporation’s Common Vulnerabilities and Exposures (CVEs) database was handed a last-minute reprieve amid concerns over funding from the U.S. government. It had been a long and stressful day, with the security industry wondering whether MITRE’s database would be able to operate. This could have left many firms without a way to track security flaws and…
Businesses are taking their eye off the ball with vulnerability patching
Security leaders are overconfident in their organization’s security posture while allowing vulnerability patching to fall by the wayside, new research suggests. According to penetration testing firm Cobalt’s 2025 State of Pentesting Report, only 48% of exploitable vulnerabilities uncovered during penetration testing are fixed – although this increases to 69% for those that have a severity rating of high or…
Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel…
Apple Passwords App Vulnerability Exposed Users for Months
Apple’s Passwords app, designed to enhance security for iOS users, ironically left them vulnerable to phishing attacks for nearly three months. Security researchers recently revealed that the flaw exposed sensitive information, raising concerns about cybersecurity risks — even with trusted software.
The vulnerability explained
Researchers at Mysk identified the flaw, which stemmed from the app’s use of unencrypted HTTP connections…
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. IOS XR runs on the company’s carrier-grade, Network Convergence System (NCS), and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. This high-severity flaw (tracked as CVE-2025-20115) was found…