Latest News

Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.

Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.

The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

Changes aim to tighten integration with the National Institute of Standards and Technology's Cybersecurity Framework and help organizations develop a stronger posture to handle privacy risks.

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.

MITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of…

A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads.

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,