vulnerability
Top 10 open source projects hit by HTTP/2 ‘Rapid Reset’ zero-day
Executive summary In this blog post we list at least 10 open source packages affected by the HTTP/2 'Rapid Reset' vulnerability, disclosed by Cloudflare this week ...
GNOME Libcue Flaw is a Risk to Linux Systems
A flaw in a relatively obscure component of the popular GNOME desktop environment for Linux could allow bad actors to gain control of the system if exploited ...
Heads Up: Patch for ‘Worst Curl Security Flaw’ Coming This Week
Developers who use the popular curl open-source data transfer tool will be able to patch two vulnerabilities in the software on October 11, one of which the lead developer called the “worst ...
Unpatched Critical Zero-Day Bug Puts Exim Servers at Risk
Millions of Exim servers could be impacted by a flaw found in all versions of Exim, according to an advisory from Trend Micro ...
NSFOCUS Receives CNVD Outstanding Contribution Award for Original Vulnerability Submission
The CNVD (China National Vulnerability Database) platform recently initiated the 2022 annual technical group support unit’s capability assessment. A comprehensive assessment was conducted across six capability domains, including vulnerability collection, vulnerability discovery, ...
GitLab Releases Urgent Security Updates for Critical Flaw
GitLab is rolling out security patches that fix a bug that could let attackers leverage scheduled security scan policies to run pipelines as an arbitrary user. Bad actors exploiting the flaw could ...
Zero-Day Flaws an Evolving Weapon in Ransomware Groups’ Arsenals
Ransomware gangs have for years gotten their malicious payloads into targeted systems primarily through phishing attacks or being dropped as a secondary payload from command-and-control frameworks. That is changing, according to researchers ...
Tunnel Vision: CloudflareD AbuseD in the WilD
Introduction Across the cybersecurity community, defenders are constantly finding threat actors using novel and innovative techniques to further their exploitation […] ...
New EMA Research Report Spotlights SSL/TLS Certificate Management Challenges
Digital certificates are essential for enabling trust and protecting online transactions and communications. They are employed to guard against many forms of cyberattacks, authenticate users, and encrypt sensitive data. However, because digital ...
How to avoid CVE burnout and alert fatigue in vulnerability scans?
An image of red alertsCVE ( Common Vulnerabilities and Exposures) scans are essential to securing your software applications. However, with the increasing complexity of software stacks, identifying and addressing all CVEs can be ...