MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of al...
How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and sol...
An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans.
Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild.
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest.
Google is bringing to Chrome new features to bind browser sessions to the device and protect users against cookie theft.
Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024.
Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms.
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files.
The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.
Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach.
Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA e...
Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as...
Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology.
NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities.
A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard.
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
Software developers relying on AI chatbots for building applications may end up using hallucinated software packages.