-
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
Just when it seems they couldn’t be that careless, US officials tasked with defending the nation go and do something else that puts …
-
US wants to nix the EU AI Act’s code of practice, leaving enterprises to develop their own risk standards
The European Union (EU) AI Act may seem like a done deal, but stakeholders are still drafting the code of practice that will lay out rules …
-
CVE-2025-2801 – The The Create custom forms for WordPress with a smart form plugin for smart businesses …
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary …
-
Beating the AI Game, Ripple, Numerology, Darcula, Special Guests from Hidden Layer… – Malcolm Harkins, Kasimir Schulz – SWN #471
Beating the AI Game, Ripple, Numerology, Darcula, Special Guests from Hidden Layer… – Malcolm Harkins, Kasimir Schulz – SWN #471 …
-
Amid CVE funding fumble, ‘we were mushrooms, kept in the dark,’ says board member
Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social …
-
Critical Commvault Flaw Allows Full System Takeover – Update NOW
Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers …
-
Identity and Access Management to steal the spotlight at RSAC 2025
It’s been nearly five decades since the question “Who Are You?” was posited by the eponymous British rock band The Who. Fifty years …
-
RSAC 2025: Securing AI agents, non-human identities in the spotlight
It’s been nearly five decades since the question “Who Are You?” was posited by the eponymous British rock band The Who. Fifty years …
-
SAP patches zero day rated 10.0 in NetWeaver
Attackers observed exploiting vulnerability in SAP’s NetWeaver Visual Composer …
-
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and Pulse Secure systems surged by 800 percent last week, …
-
Navigating the 8D city: Why multi-dimensional network security is no longer optional
As a Field CTO, my work takes me across the globe. Some cities feel like old friends – the hustle-and-bustle of Santa Clara; the sunny, …
-
DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs
Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce and Anubis ransomware …
●●●
NVD
- CVE-2025-2801 – The The Create custom forms for WordPress with a smart form plugin for smart businesses …
- CVE-2025-46544 – In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by …
- CVE-2025-3606 – Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an …
- CVE-2025-43865 – React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, …
- CVE-2025-43864 – React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, …
EXPLOITS
- Firefox ESR 115.11 – PDF.js Arbitrary JavaScript execution
- Microsoft Windows 11 – Kernel Privilege Escalation
- code-projects Online Exam Mastering System 1.0 – Reflected Cross-Site Scripting (XSS)
- WordPress Core 6.2 – Directory Traversal
- tar-fs 3.0.0 – Arbitrary File Write/Overwrite
SECURELIST
- Triada strikes back
- Operation SyncHole: Lazarus APT goes back to the well
- Russian organizations targeted by backdoor masquerading as secure networking software upda
- Lumma Stealer – Tracking distribution channels
- Phishing attacks leveraging HTML code inside SVG files