Collaborate Disseminate
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
The post Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Continue reading Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
SolarWinds has announced patches for a critical-severity remote code execution vulnerability in Access Rights Manager.
The post SolarWinds Patches Critical Vulnerability in Access Rights Manager appeared first on SecurityWeek.
Continue reading SolarWinds Patches Critical Vulnerability in Access Rights Manager
The Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure.
The post Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure appeared first on SecurityWeek.
Continue reading Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure
Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.
The post Apple Suddenly Drops NSO Group Spyware Lawsuit appeared first on SecurityWeek.
Continue reading Apple Suddenly Drops NSO Group Spyware Lawsuit
Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.
The post In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TL… Continue reading In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit
Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.
The post Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks appeared first on SecurityWeek.
Continue reading Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks
GitLab has released security updates to resolve multiple vulnerabilities in GitLab CE/EE, including a critical-severity pipeline execution flaw.
The post GitLab Updates Resolve Critical Pipeline Execution Vulnerability appeared first on SecurityWeek.
Continue reading GitLab Updates Resolve Critical Pipeline Execution Vulnerability
Palo Alto Networks has fixed medium- and high-severity vulnerabilities in PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser.
The post Palo Alto Networks Patches Dozens of Vulnerabilities appeared first on SecurityWeek.
Continue reading Palo Alto Networks Patches Dozens of Vulnerabilities
Cisco has announced security updates that patch eight vulnerabilities in IOS XR software, including six high-severity bugs.
The post Cisco Patches High-Severity Vulnerabilities in Network Operating System appeared first on SecurityWeek.
Continue reading Cisco Patches High-Severity Vulnerabilities in Network Operating System
Minor updates break clients 94% of the time, while version upgrades cause issues 95% of the time, according to Endor Labs researchers. Continue reading Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds