Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: ISPSoft Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an…
Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats – all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by…
Apr 29, 2025Ravie LakshmananEnterprise Security / Vulnerability Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. Of the 75 zero-days, 44% of them targeted…
Apr 29, 2025Ravie LakshmananCybersecurity / Malware In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of…
Apr 29, 2025Ravie LakshmananVulnerability / Web Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited…
Apr 28, 2025Ravie LakshmananCybersecurity / Hacking News What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered…
Not every security vulnerability is high risk on its own – but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting…
Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro,…
Apr 28, 2025Ravie LakshmananWebsite Security / Malware Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor…
Apr 28, 2025Ravie LakshmananWeb Application Security / Vulnerability Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks,…