Americas

Asia

Europe

  • United Kingdom

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

HomeVulnerabilities

Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

Jump to
Latest Articles Events Resources Podcasts
news
Image

Google ups bug bounties for ‘high quality’ Chrome hunters

Security researchers can now earn a quarter million dollars reporting high-impact memory corruption vulnerabilities in Chrome.

By CSO Staff and Mikael Markander
29 Aug 20243 mins
Vulnerabilities
news
Image

Critical plugin flaw opens over a million WordPress sites to RCE attacks

By Shweta Sharma
28 Aug 20243 mins
Vulnerabilities
feature
Image

Is the vulnerability disclosure process glitched? How CISOs are being left in the dark

By Cynthia Brumfield
26 Aug 202410 mins
CSO and CISOThreat and Vulnerability ManagementData and Information Security
news

WordPress users not on Windows urged to update due to critical LiteSpeed Cache flaw

By Lynn Greiner
23 Aug 20243 mins
Threat and Vulnerability ManagementIdentity and Access ManagementVulnerabilities
news analysis

Chinese APT group Velvet Ant deployed custom backdoor on Cisco Nexus switches

By Lucian Constantin
23 Aug 20244 mins
Advanced Persistent ThreatsNetwork SecurityVulnerabilities
news

GitHub fixes critical Enterprise Server bug granting admin privileges

By Shweta Sharma
23 Aug 20243 mins
Vulnerabilities
news

SolarWinds fixes critical developer oversight

By Shweta Sharma
23 Aug 2024
Vulnerabilities
feature

11 top bug bounty programs launched in 2024

By John Leyden
16 Aug 20249 mins
HackingSecurity PracticesVulnerabilities
news

Major GitHub repos leak access tokens putting code and clouds at risk

By Lucian Constantin
15 Aug 20246 mins
GitHubVulnerabilities

Articles

news analysis

Thousands of NetSuite stores leak sensitive data due to access control misconfiguration

Customers of Oracle subsidiary NetSuite’s ERP offering may be unaware that their custom record types grant unauthenticated access to sensitive data readily consumable via NetSuite’s APIs.

By Lucian Constantin
15 Aug 2024 7 mins
Access ControlVulnerabilities
news analysis

Microsoft Outlook security hole lets attackers in without opening a tainted message

The zero-click hole, which was patched by Microsoft Tuesday, could point to far more vulnerabilities in the form-based architecture of Outlook.

By Evan Schuman
14 Aug 2024 4 mins
Email SecurityCyberattacksVulnerabilities
news

SAP patches critical bugs allowing full system compromise

Both the vulnerabilities score above 9 on CVSS and can allow access to sensitive data if not patched immediately.

By Shweta Sharma
14 Aug 2024 3 mins
Vulnerabilities
news analysis

Microsoft patches six actively exploited vulnerabilities

Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed.

By Lucian Constantin
13 Aug 2024 6 mins
Zero-day vulnerabilityVulnerabilities
news

Mitre, Microsoft differ on how severe MS Office flaw really is

Security analyst sides with Mitre, describes flaw as ‘fantastic win for phishing campaigns.’

By Paul Barker
13 Aug 2024 4 mins
Vulnerabilities
news

AMD addresses Sinkclose vulnerability but older processors left unattended

The company has decided not to extend these updates to its Ryzen 1000, 2000, and 3000 series processors or its Threadripper 1000 and 2000 models.

By Gyana Swain
12 Aug 2024 4 mins
Vulnerabilities
news

AMD CPUs impacted by 18-year-old SMM flaw that enables firmware implants

Security reseachers estimate the ‘Sinkclose’ vulnerability affects ‘hundreds of millions of laptops, desktops, and servers,’ allowing attackers to execute malicious code on the most privileged execution mode on a computer.

By Lucian Constantin
09 Aug 2024 4 mins
Vulnerabilities
news

S3 shadow buckets leave AWS accounts open to compromise

Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.

By Lucian Constantin
08 Aug 2024 7 mins
Cloud SecurityVulnerabilities
news

Black Hat: Latest news and insights

The Black Hat series of international cybersecurity conferences brings together top IT security pros, researchers, and thought leaders to discuss the latest cyber techniques, vulnerabilities, threats, and more. Here’s the latest to know.

By CSO Staff
08 Aug 2024 4 mins
Advanced Persistent ThreatsWindows SecurityThreat and Vulnerability Management
news

Back to the future: Windows Update is now a trojan horse for hackers

A newly discovered vulnerability can make a fully patched Windows machine susceptible to thousands of past vulnerabilities.

By Gyana Swain
08 Aug 2024 5 mins
Windows SecurityVulnerabilities
news

Black Hat preview: AI and cloud security take center stage

This year’s Black Hat USA sees LLMs in the crosshairs, rising attacks against hyperscale cloud vendors, and CISOs in need of advice for legal liabilities.

By John Leyden
06 Aug 2024 5 mins
Windows SecurityCloud SecurityData and Information Security
news

New critical Apache OFBiz vulnerability patched as older flaw is actively exploited

Researchers discovered a new RCE flaw while analyzing the patch for a different flaw currently targeted by attackers. As the fifth critical flaw this year for the ERP framework, users are urged to update ASAP.

By Lucian Constantin
05 Aug 2024 3 mins
Open SourceVulnerabilities
View all

Resources

whitepaper

Best Practices in Cybersecurity and Cyber Resilience

In today’s digital world, consumers and employees expect organizations of all types and sizes to operate without interruption. In fact, contractual obligations and service level agreements demand it.

The post Best Practices in Cybersecurity and Cyber Resilience appeared first on Whitepaper Repository –.

By Cohesity Inc.
26 Aug 2024
Business OperationsCybercrimeData and Information Security
Image
whitepaper

Cyber resilience in the ransomware era

By Cohesity Inc.
26 Aug 2024
Business OperationsCybercrimeSecurity
Image
whitepaper

Unlock the power of AI and ML for data protection

By Cohesity Inc.
26 Aug 2024
Artificial IntelligenceBusiness OperationsMachine Learning
Image
View all

Video on demand

video

Printers: The overlooked security threat in your enterprise | TECHtalk

Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online’s J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

07 Nov 2019 20 mins
HackingPrintersVulnerabilities
See all videos

Explore a topic

Show me more

feature

How to ensure cybersecurity strategies align with the company’s risk tolerance

By Rosalyn Page
03 Sep 202410 mins
CSO and CISORisk Management
Image
news

North Korean hackers actively exploited a critical Chromium zero-day

By Shweta Sharma
02 Sep 20243 mins
Zero-day vulnerability
Image
feature

Ransomware recovery: 8 steps to successfully restore from backup

By Maria Korolov
02 Sep 202417 mins
RansomwareMalwareBackup and Recovery
Image
podcast

CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe

07 Aug 202417 mins
CSO and CISO
Image
podcast

CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)

17 Jul 202417 mins
CSO and CISO
Image
podcast

CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands

08 Jul 202418 mins
CSO and CISO
Image
video

CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe

07 Aug 202417 mins
RansomwareZero TrustCloud Security
Image
video

CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)

17 Jul 202417 mins
CSO and CISO
Image
video

Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience

10 Jul 202424 mins
CSO and CISO
Image