Vulnerabilities

The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training. On its digital platform, NSC provides online resources …

A list of security patches  has been released by oracle for more than 130+ products. These products are being used in industries, including banking, communication, enterprise, development and so on. Oracle patched the severity categorically as critical, high, medium, and low and it is based on their CVSS 3.1 score. …

SpyCloud reports that 53% of security leaders are extremely concerned about attacks that use malware to steal authentication data. Only less than 1% of leaders are not concerned at all. Malware infection responses: Many people still don’t have the tools to investigate the security and organizational impact of these infections …

Apple released Rapid Security Response updates for its Safari web browser, iOS, iPadOS, and macOS to address a zero-day vulnerability that was being actively exploited. By exploiting the WebKit vulnerability known as CVE-2023-37450, malicious actors may execute arbitrary code while handling specially designed web content. The iPhone maker said it …

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Three of these vulnerabilities have been identified as actively exploited in targeted attacks. One vulnerability, tracked as CVE-2023-26083, is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and …

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by …

A new tool is available on GitHub that gives attackers a way to leverage a recently disclosed vulnerability in Microsoft Teams and automatically deliver malicious files to targeted Teams users in an organization. The tool, dubbed “TeamsPhisher,” works in environments where an organization allows communications between its internal Teams users …

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem. The vulnerability is a remote code execution with a severity score of 9.8 out of 10 resulting from a heap-based buffer overflow problem in FortiOS, …

MITRE, a non-profit organization that provides research and development in the areas of cybersecurity and information assurance, has released its list of the top 25 most dangerous software weaknesses. The list is based on data from the Common Vulnerabilities and Exposures (CVE) database, which is a repository of known security …

IBM QRadar is a popular SIEM (Security Incident and Event Management) tool that organizations use to detect and monitor threats. It can be used in the form of a physical appliance, a software-only solution, or a virtual appliance. As of 2023, over 1,130 companies worldwide use IBM QRadar as part …