Desired Effect provides an ethical vulnerability exchange marketplace to help defenders get ahead of attackers.
The post Ethical Zero Day Marketplace Desired Effect Emerges From Stealth appeared first on SecurityWeek.
SSL.com Scrambles to Patch Certificate Issuance Vulnerability
A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued.
The post SSL.com Scrambles to Patch Certificate Issuance Vulnerability appeared first on SecurityWeek.
Fresh Windows NTLM Vulnerability Exploited in Attacks
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.
The post Fresh Windows NTLM Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Vulnerabilities Patched in Atlassian, Cisco Products
Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek.
Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking
Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH.
The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek.
SonicWall Flags Old Vulnerability as Actively Exploited
A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild.
The post SonicWall Flags Old Vulnerability as Actively Exploited appeared first on SecurityWeek.
Apple Pushes iOS, MacOS Patches to Quash Two Zero-Days
The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.
The post Apple Pushes iOS, MacOS Patches to Quash Two Zero-Days appeared first on SecurityWeek.
MITRE CVE Program Gets Last-Hour Funding Reprieve
The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.
The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
Critical Vulnerability Found in Apache Roller Blog Server
A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes.
The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek.
Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities
Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities.
The post Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities appeared first on SecurityWeek.