October 24, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a missing authentication vulnerability in Fortinet FortiManager, identified as CVE-2024-47575.

October 23, 2024

The Lazarus Group, a cybercrime unit linked to North Korea, is reportedly using a sophisticated scheme to defraud cryptocurrency investors worldwide.

October 23, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw in Microsoft SharePoint to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation.

October 22, 2024

A vulnerability has been identified in Open Policy Agent (OPA) for Windows that could result in the leakage of authentication hashes.

October 22, 2024

Proof-of-concept exploit code has been made public for a vulnerability in Microsoft's Remote Registry client that could potentially allow an attacker to seize control of a Windows domain by downgrading the security of the authentication process.

October 22, 2024

Google's Threat Analysis Group (TAG) has alerted the public to a zero-day vulnerability in Samsung mobile processors, tracked as CVE-2024-44068.

October 22, 2024

VMware has rolled out an additional security patch for the critical vulnerability CVE-2024-38812 in its vCenter Server, after the initial patch released in September 2024 failed to completely rectify the issue.

October 20, 2024

F5 Networks recently rectified a high-severity elevation of privilege vulnerability in its BIG-IP product.

October 18, 2024

New speculative execution attacks have been identified that circumvent existing Spectre mitigations on Intel and AMD CPUs operating on Linux.

October 18, 2024

Microsoft has identified a vulnerability in Apple's Transparency, Consent, and Control (TCC) framework on macOS, which is designed to safeguard user privacy by controlling how applications access sensitive data and system resources.