Zeljka Zorz
![Palo Alto Networks](https://img.helpnetsecurity.com/wp-content/uploads/2020/06/30122417/palo_alto_networks-logo-400x200.jpg)
Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been …
![alert](https://img.helpnetsecurity.com/wp-content/uploads/2019/04/09094437/alert-400x200.jpg)
Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage
Researchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage. …
![patch](https://img.helpnetsecurity.com/wp-content/uploads/2019/07/09093958/patch3-400x200.jpg)
Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)
It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, …
![GitLab](https://img.helpnetsecurity.com/wp-content/uploads/2016/11/09105940/gitlab-400x200.jpg)
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The …
![Google Play malware](https://img.helpnetsecurity.com/wp-content/uploads/2018/01/09102102/google_play_malware1-400x200.jpg)
Rooting malware discovered on Google Play, Samsung Galaxy Store
Researchers have discovered 19 mobile apps carrying rooting malware on official and third-party Android app stores, including Google Play and Samsung Galaxy Store. …
![MITRE ATT&CK](https://img.helpnetsecurity.com/wp-content/uploads/2021/02/15120235/mitre-attack-400x200.jpg)
Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …
![Hand](https://img.helpnetsecurity.com/wp-content/uploads/2017/07/09103603/hand-code-400x200.jpg)
Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …
![](https://img.helpnetsecurity.com/wp-content/uploads/2021/10/28104025/ellen_benaim_2_templafy-400x200.jpg)
Advice from a young, female CISO: Key lessons learned
Ellen Benaim, the newest CISO at Copenhagen-based SaaS provider Templafy, started her career at the company in June 2018 as technical support, but from the moment she sat down …
![Apple](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113415/apple-1-400x200.jpg)
Apple fixes security feature bypass in macOS (CVE-2021-30892)
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection …
![template](https://img.helpnetsecurity.com/wp-content/uploads/2019/09/09093222/template-400x200.jpg)
MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party vendors having access to its critical …
![UA-Parser-js](https://img.helpnetsecurity.com/wp-content/uploads/2021/10/26125008/ua_parser_26102021-400x200.jpg)
Popular npm package hijacked, modified to deliver cryptominers
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …
![](https://img.helpnetsecurity.com/wp-content/uploads/2020/08/01173156/tunnel-dark-400x200.jpg)
SolarWinds hackers are going after cloud, managed and IT service providers
Nobelium, the advanced, persistent threat (APT) actor behind the 2020 SolarWinds supply chain attack that served as a springboard for breaching a variety of high-level …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?