Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness
MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to…
MITRE shares 2024’s top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000…
18-year-old security flaw in Firefox and Chrome exploited in attacks
A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox,…
What’s Bugging the NSA? A Vuln in Its ‘SkillTree’ Training Platform
Even the NSA leaves bugs in its software. In this case, it's the kind of cross-site issue that regularly slips…
Critical GitLab bug lets attackers run pipelines as any user
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines…
CISO Corner: Federal Cyber Deadlines Loom; Private Chatbot Danger
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also…
Flawed AI Tools Create Worries for Private LLMs, Chatbots
Companies are looking to large language models to help their employees glean information from unstructured data, but vulnerabilities could lead…
High-severity GitLab flaw lets attackers take over accounts
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. [...]
CISA warns of hackers exploiting Chrome, EoL D-Link bugs
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one…
How Do We Integrate LLMs Security Into Application Development?
Large language models require rethinking how to bake security into the software development process earlier.