#vulnerability

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

iProov uncovers a major Dark Web operation selling stolen identities with matching biometrics, posing a serious threat to KYC verification systems

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.…

A US court ruled against NSO Group, an Israeli spyware maker, finding them liable for hacking WhatsApp users. The ruling has major implications for the surveillance technology industry."

Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if

The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection

Fintech thrives on innovation, but cybersecurity requires a proactive approach. AI, predictive intelligence, and tailored strategies safeguard against…

The `ObjectSerializationDecoder` in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4. It's also important to note that an application using MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the `ObjectSerializationCodecFactory` class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of MINA core library. Upgrading will  not be enough: you also need to explicitly allow the classes th...

Thousands of Postman workspaces leaked sensitive data like API keys and tokens. Learn best practices to secure your API development environment and protect your organization

The ABB BMS/BAS controller suffers from an authenticated reflected cross-site scripting vulnerability. Input passed to the GET parameter 'name' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.