Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks. [...]

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server. [...]

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur. [...]

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation …

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. [...]

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild. [...]

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins. [...]

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware. [...]

Microsoft's May Patch Tuesday update is triggering authentication errors. [...]

Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack. [...]

Dell and HP were among the first to release patches and fixes for the bug. [...]

Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments. [...]

Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much. [...]

The bug has a severe rating of 9.8, public exploits are released. [...]

A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem. [...]

The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10. [...]

A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices. [...]

A deep dive into securing containerized environments and understanding how they present unique security challenges. [...]

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps. [...]

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations. [...]

The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default. [...]

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of …

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. [...]

Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. [...]

How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures. [...]