Aggregator

A vulnerability, which was classified as problematic, has been found in Brocade Fabric OS. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2022-33180. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in BusyBox up to 1.32.1. Affected is the function huft_build of the file decompress_gunzip.c of the component gzip Data Handler. The manipulation leads to handling of exceptional conditions. This vulnerability is traded as CVE-2021-28831. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Samba 3.6.24/4.0.24/4.1.16/4.2.0. Affected is the function _netr_ServerPasswordSet of the component smbd. The manipulation leads to code. This vulnerability is traded as CVE-2015-0240. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Cybercriminals are flocking to take part in the newly inflamed fight between India and Pakistan.

The voluntary Software Security Code of Practice is the latest initiative to come out of the United Kingdom to boost best practices in application security and software development.

Cybersecurity experts have uncovered a sophisticated attack campaign targeting IT administrators through search engine optimization (SEO) poisoning tactics. Threat actors are leveraging advanced SEO techniques to push malicious versions of commonly used administrative tools to the top of search engine results, creating a dangerous trap for unsuspecting IT professionals. When administrators search for legitimate tools, […]

The post Hackers Attacking IT Admins by Poisoning SEO to Move Malware on Top of Search Results appeared first on Cyber Security News.

A 2025 cybersecurity threat report based on analysis of data collected from tens of millions of endpoints by OpenText shows that the malware infection rate for business PCs now stands at 2.39%, with 87% of that malware being based on some type of variant that was specifically created to evade detection by cybersecurity tools.

The post OpenText Report Shines Spotlight on Malware Infection Rates appeared first on Security Boulevard.

Эксперимент в CERN может привести к самому странному выводу за десятилетия.

Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.

Author/Presenter: Mário Leitão-Teixeira

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Proving Ground – CVSS v4 – A Better Version Of An Imperfect Solution appeared first on Security Boulevard.

Ascension, one of the largest private healthcare systems in the United States, has revealed that the personal and healthcare information of over 430,000 patients was exposed in a data breach disclosed last month. [...]

Get details on the AI risks Legit unearthed in enterprises' software factories.

The post The 2025 State of Application Risk Report: Understanding AI Risk in Software Development appeared first on Security Boulevard.

Sens. Cassidy and Rosen cite the possibility that the use of DeepSeek to carry out contract work may put sensitive federal data in the hands of the Chinese government.

The post Senators move to quash the use of Chinese AI system by federal contractors  appeared first on CyberScoop.

On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.

A cyberattack briefly disrupted South African Airways’ website, app, and systems, but core flight operations remained unaffected. South African Airways (SAA) is the national flag carrier of South Africa, the airline is wholly owned by the South African government and has subsidiaries including SAA Technical and Air Chefs. A cyberattack hit South African Airways, briefly […]

The world of cybersecurity is always changing, with rapid evolution in both threat and response creating a continual churn in knowledge, technology, and standards. Frameworks meant to help protect systems and businesses, especially the government, tend to be comparatively slow. It takes a lot of momentum and effort to get a new framework iteration through […]

The post The CMMC Rev 2 to Rev 3 Memo: What’s Changed? appeared first on Security Boulevard.

A vulnerability was found in MH-WikiBot. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2020-5302. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Fortinet FortiADC. This issue affects some unknown processing of the component Dashboard. The manipulation of the argument Name as part of Parameter leads to cross site scripting. The identification of this vulnerability is CVE-2020-6647. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in eWON Flexy and Cosy and classified as problematic. This issue affects some unknown processing of the component Password Change Handler. The manipulation leads to cross site scripting (Reflected). The identification of this vulnerability is CVE-2020-10633. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.