Despite Post-Log4J Security Gains, Developers Can Still Improve
Developers need more software security safeguards earlier in the process, especially as AI becomes more common.
Why Dwell Time is the Biggest Threat to Security Operations Center (SOC) Teams in 2023
By Sanjay Raja, VP of Product, Gurucul Dwell time, or the length of time a cyber attacker remains hidden within…
Super Admin elevation bug puts 900,000 MikroTik devices at risk
A critical severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to…
CISA warns govt agencies to patch Ivanti bug exploited in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. federal agencies today to secure their systems against a maximum severity…
Apple fixes new zero-day used in attacks against iPhones, Macs
Apple has released security updates to address zero-day vulnerabilities exploited in attacks targeting iPhones, Macs, and iPads. [...]
Over 15K Citrix servers likely vulnerable to CVE-2023-3519 attacks
Thousands of Citrix Netscaler ADC and Gateway servers exposed online are likely vulnerable against a critical remote code execution (RCE) bug…
GitHub warns of Lazarus hackers targeting devs with malicious projects
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and…
New critical Citrix ADC and Gateway flaw exploited as zero-day
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits…
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of…
Critical ColdFusion flaws exploited in attacks to drop webshells
Hackers are actively exploiting two ColdFusion vulnerabilities to bypass authentication and remotely execute commands to install webshells on vulnerable servers.…