Developers of the OpenSSL cryptography library have taken the unusual step of pre-warning that an update due to land next Tuesday (November 1) will fix a critical...
A security flaw in Parse Server that enabled brute-force guessing of sensitive user data on the API server module for Node.js and the Express WAF has...
Researchers at Johns Hopkins University have developed a graph-based code analysis tool that can detect a wide range of vulnerabilities in JavaScript programs. Called ODGen, the tool...
Vulnerabilities in a third-party module within the firmware of NETGEAR routers and Orbi WiFi Systems could lead to arbitrary code execution on affected devices. The component...
The maintainers of venerable open source content management system (CMS) TYPO3 have fixed a cross-site scripting (XSS) flaw with a raft of software updates. The XSS mechanism of...
Certificate authority Let’s Encrypt has announced plans to establish a platform that will support the revocation of digital certificates via Certificate Revocation Lists (CRLs). The CRL...
Security researchers from IHTeam have uncovered a serious vulnerability in a plugin to the pfSense firewall technology. The affected pfBlockerNG plugin is not installed by default...
WatchGuard has patched several vulnerabilities in two main firewall brands that have been rated between medium and critical severity. In combination, two of the flaws allowed...
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022. API-related security vulnerabilities continue to be a thorn in the side of organizations, with access...
Now-patched RCE bug impacts dozens of DrayTek Vigor router models. A critical security vulnerability impacting DrayTek Vigor routers could allow unauthenticated attackers to gain full access...
Security chief counts new build system and greater intel sharing among positive legacies of watershed cyber-attack. From the infamous NotPetya campaign to the CCleaner backdoor, watershed infosec moments are not...
Malicious builds and wider infrastructural compromise were worst-case scenarios. Security researchers have identified multiple workflows in popular continuous integration and deployment (CI/CD) service GitHub Actions that...
Inadequate access control and CSRF protections spawn critical and high severity issues. Serious vulnerabilities in Cisco Nexus Dashboard give attackers a viable path to executing arbitrary...
Severity of code execution bug mitigated by ‘high uptake’ of previous patch. Zyxel has released patches for several of its firewall products following the discovery of...
DID has been designed to give users and organizations greater security and privacy. Decentralized Identifiers (DID) is now an official web standard, according to a news release from...
Privacy concerns raised over mandate to retain customer records. ANALYSIS Virtual private network (VPN) providers are digging in their heels, following the introduction of a new law...
Google is providing Titan Security Keys to maintainers of projects in top 1% of downloads. The Python Package Index (PyPI) is rolling out two-factor authentication (2FA) for “critical...
Green light for four ‘future-proofed’ encryption technologies. ANALYSIS The first four standardized protocols for post-quantum cryptography have been unveiled, laying the foundations for the development of apps...
Apple has launched a security bug bounty for its new Lockdown Mode feature, which aims to give users heightened protection against spyware attacks. Lockdown Mode, which will ship...