vulnerability
81% of codebases contain known open source vulnerabilities
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and …
Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)
Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy …
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …
Top attack techniques for breaching enterprise and cloud environments
In this video for Help Net Security, Zur Ulianitzky, Head of Research at XM Cyber, talks about the top attack techniques used by threat actors to compromise critical assets in …
Potential threats to uninterruptible power supply (UPS) devices
In this video for Help Net Security, Chris Westphal, Cybersecurity Evangelist at Ordr, talks about an alert that came out recently from CISA and the Department of Energy …
Cybersecurity must be at the forefront of a blockchain project
In this video for Help Net Security, Dr. Dmitry Mikhailov, CTO at Farcana Metaverse, talks about cybersecurity in the crypto industry and the vulnerability of a blockchain …
Steady rise in severe web vulnerabilities
Invicti Security released a research which reveals a rise in severe web vulnerabilities and the need for executive leaders to intertwine their application security and digital …
86% of developers don’t prioritize application security
Secure Code Warrior released findings from its survey, which found that developers’ actions and attitudes toward software security are in conflict. While many developers …
How often do developers push vulnerable code?
A Tromzo report reveals developers remediate only 32% of vulnerabilities and regularly push vulnerable code. The report was based on a survey of more than 400 U.S.-based …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Vulnerabilities and cyberattacks that marked the year 2021
Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals …
Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …
Featured news
Resources
Don't miss
- January 2026 Patch Tuesday forecast: And so it continues
- How AI agents are turning security inside-out
- Security teams are paying more attention to the energy cost of detection
- Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)
- PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)