Common Vulnerabilities and Exposures (CVE) stories - Page 6

A new vulnerability in GitHub Enterprise Server allowing attackers to bypass authentication has raised alarms over supply chain attacks, urging immediate software updates.

ThroughTek Kalay's platform vulnerabilities affect over 100 million IoT devices, exposing them to potential attacks. Vendors race to patch issues.

Rapid7’s 2024 Attack Intelligence Report highlights a sharp rise in zero-day vulnerabilities causing mass breaches and underscores the necessity for faster patching and robust MFA protocols.

Microsoft's Patch Tuesday addresses 59 CVEs, including one critical and three zero-days, with notable exploits in DWM Core and MSHTML surfaces.

Microsoft's May 2024 Patch Tuesday addresses 61 vulnerabilities, including three zero-days. Two critical RCE flaws and browser patches are also highlighted.

Cato Networks exposes systemic cybersecurity gaps in inaugural threat report, revealing insecure protocols employed across WAN by all examined organisations.

ForAllSecure reveals new AI-powered tool, Mayhem, a dynamic software bill of materials tool that proactively battles exploitable application vulnerabilities.

Virtual Network Computing (VNC) was the most targeted remote desktop tool in the past year, clouds over a new Barracuda data report.

Azul broadens its Intelligence Cloud to all OpenJDK JVMs and Oracle JDK, utilising production Java data to enhance developer productivity and identify vulnerabilities.

Sevco Security further evolves asset protection by prioritising, automating and validating exposure issues resolution with its upgraded platform, aiding cyber risk management for businesses.

Beyond the CVE addresses how neglecting device misconfigurations can exacerbate vulnerabilities and risk breaches, demanding constant scrutiny and remediation.

BeyondTrust's 2024 Microsoft Vulnerabilities Report shows Elevation of Privilege (EoP) dominating the vulnerability class for a fourth year.

Cyber security firm, Cado Security, uncovers revelations about a Linux variant of Cerber ransomware exploiting vulnerabilities in Confluence servers using the CVE-2023-22518 exploit.

In response to rising AI-driven cyber threats, Darktrace is repositioning to a platform-based strategy aimed at better equipping businesses to anticipate and counter these advanced cyber attacks.

Mandiant reveals new findings on threat actors exploiting vulnerabilities in Ivanti Connect Secure appliances, laying bare a disturbing mix of state-linked and profit-driven cyberattacks.

BackBox enhances network vulnerability management with an update to its Network Vulnerability Manager, allowing organisations to mark mitigated Common Vulnerabilities and Exposures, thus refining their risk scores and optimising remediation efforts.

An analysis by Rapid7 Labs highlights the importance of the external attack surface in APAC cybersecurity, shedding light on threat activities and how regionally-targeted campaigns are utilised by ransomware actors.

After Avast releases a BianLian decryptor, the hacking group resorts to extortion-only operations, exploiting vulnerabilities like TeamCity servers, reports GuidePoints.

Emily Reeve steps into the role of Executive General Manager - Legal and Risk at Kordia, utilising her strong legal pedigree and industry experience.

Akamai Technologies boosts security with significant upgrades to its App and API Protector, providing advanced DDoS defenses, browser impersonation detection, and improved API security.