For most companies ransomware is the scariest of all cyberattacks
SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused …
Microsoft patches Windows flaw exploited in the wild (CVE-2022-41033)
October 2022 Patch Tuesday is here, with fixes for 85 CVE-numbered vulnerabilities, including CVE-2022-41033, a vulnerability in Windows COM+ Event System Service that has …
Auth bypass bug in FortiOS, FortiProxy is exploited in the wild (CVE-2022-40684)
After privately warning customers last week that they need to patch or mitigate CVE-2022-40684, a critical vulnerability affecting FortiOS, FortiProxy, and FortiSwitchManager, …
Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352)
A still unpatched vulnerability (CVE-2022-41352) in Zimbra Collaboration is being exploited by attackers to achieve remote code execution on vulnerable servers. About the …
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires …
Lack of transparency, systemic risks weaken national cybersecurity preparedness
What is critical infrastructure? If you ask 5 different people, you may receive 5 different answers. The term critical infrastructure has lost much of its meaning as a …
Microsoft Teams: A channel for sensitive business information sharing that needs better backup
Hornetsecurity has found an urgent need for greater backup for Microsoft Teams with 45% of users sending confidential and critical information frequently via the platform. …
Board members should make CISOs their strategic partners
Proofpoint released their Cybersecurity: The 2022 Board Perspective report, which explores board of directors’ perceptions about their key challenges and risks. Cybersecurity …
Week in review: 7 cybersecurity audiobooks to read, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MS Exchange zero-days: The calm before the storm? CVE-2022-41040 and …
October 2022 Patch Tuesday forecast: Looking for treats, not more tricks
We’ve entered the final quarter of 2022 with a favorite holiday for many – Halloween, at the end of the month. Unfortunately, Microsoft has continued to play a few tricks on …
New infosec products of the week: October 7, 2022
Here’s a look at the most interesting products from the past week, featuring releases from HashiCorp, Legit Security, LiveAction, LogRhythm, Pentest People, and Verica. …
Shadow APIs hit with 5 billion malicious requests
Cequence Security released its first half 2022 report titled, “API Protection Report: Shadow APIs and API Abuse Explode.” Chief among the findings was approximately 5 billion …
Featured news
Resources
Don't miss
- What vibe hunting gets right about AI threat hunting, and where it breaks down
- Health insurance lead sites sell personal data within seconds of form submission
- Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
- Acrobat Reader zero-day exploited in the wild for many months
- AI agent intent is a starting point, not a security strategy