Common Vulnerabilities and Exposures (CVE) stories - Page 8

Suspected espionage group UNC5221 exploited two zero-day vulnerabilities in Ivanti VPN and security appliances, using multiple custom malware families for post-exploitation espionage.

Over 40% of firms struggle to tackle vulnerabilities in the rising complexity of software supply chains, despite sizeable resource allocation, says Slim.AI's recent Container Report.

Cybersecurity firm Kaspersky uncovers a new potent malware, NKAbuse, exploiting the NKN technology to launch twin threats as a flooder and a backdoor/RAT, with victims emerging in Colombia, Mexico, and Vietnam.

Kaspersky's GReAT team has uncovered an undisclosed iPhone hardware feature used in Operation Triangulation attacks.

UK faces around 17 million daily cyber attacks in 2023, with most targeting remote desktop protocol, says Coalition.

Efforts to mitigate the Log4j vulnerability involve updating to patched versions of Log4j, but the process continues to be complex.

Team82 at Claroty uncovers substantial cybersecurity vulnerabilities in Operational Technology protocol clients, showing potential for full system control.

With all the benefits the cloud has to offer, it also introduces a new set of challenges, particularly for industries where security and compliance are priorities.

OpenSSF introduces new members including Patchstack and SparkFabrik, and outlines secure software development principles.

Rising cybersecurity threats prompt a shift from traditional, vulnerable password methods to phishing-resistant authentication solutions.

Check Point's latest Global Threat Index exposes a surge in Remote Access Trojan NJRat and an AgentTesla campaign.

Action1 Corp. is releasing an enterprise IT security solution integrating automated vulnerability remediation workflows.

Winter Vivern cyber group targets European governments using XSS vulnerability of Roundcube Webmail server, as ESET researchers have discovered.

CAST has launched their autumn release of software intelligence product, CAST Highlight, designed to enhance cloud migration and optimisation.

Azul's inaugural State of Java survey highlights Java's vital role in global tech, with 98% of firms reporting usage.

BackBox launches Network Vulnerability Manager, a tool for automated risk assessment and efficient remediation.

Hackuity, the risk-based vulnerability management provider, has launched Version 2.0 of its platform with major enhancements to support risk prioritisation.

Security Journey unveils tailored secure coding courses aimed at enhancing software security and regulatory compliance.

Keeper Security, a leader in password management, has become the first company in its field to join the CVE programme as a CNA.

Major security flaw, 'Looney Tunables', detected in glibc, threatens Linux distributions, urgent patch recommended.