Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be…
House January 6 committee votes to subpoena Trump during Thursday’s hearing
The House select committee investigating the January 6, 2021, US Capitol attack voted to subpoena former President Donald Trump for…
Critical VM2 flaw lets attackers run code outside the sandbox
Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million…
Federal judge temporarily blocks parts of New York gun law
A federal judge has temporarily blocked the enforcement of parts of a New York gun law that was enacted in…
Alec Baldwin, ‘Rust’ producers settle with Halyna Hutchins’ family
The family of Halyna Hutchins, the cinematographer who was shot and killed on the set of the movie "Rust" last…
Live support service hacked to spread malware in supply chain attack
The official installer for the Comm100 Live Chat application, a widely deployed SaaS (software-as-a-service) that businesses use for customer communication…
Microsoft: Two New 0-Day Flaws in Exchange Server
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations…
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
Microsoft confirms new Exchange zero-days are used in attacks
Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in…
Congress flirts with government shutdown as Manchin permitting bill may drag down funding package
Congress faces an end-of-month race to keep the government funded if a continuing resolution with an energy proposal from Sen.…