539 matches found
Vulnerability Disclosure in the Age of AI
New article: "Responsible Disclosure in the Age of AI: A Call for Urgent Action," by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitab...
Improper Check for Unusual or Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through improper handling of error conditions in the PatchIndividualApplicationPFDManagement process. An attacker can cause the application to panic and return a 500 Internal Server...
EUVD-2026-27836
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM...
CVE-2026-41288
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM...
CVE-2026-41288 WatchGuard Agent on Windows Privilege Escalation Vulnerability
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM...
CVE-2026-41288
WatchGuard Agent on Windows is affected by an improper permission assignment in the patch management component, allowing an authenticated local user to escalate to NT AUTHORITY\SYSTEM. The CVE entry notes a local-privilege-escalation impact with high confidentiality, integrity, and availability i...
PT-2026-37645
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM...
WatchGuard Agent Security Vulnerability
WatchGuard Agent is a terminal security protection and device management agent provided by the American company WatchGuard. There is a security vulnerability in WatchGuard Agent, which stems from improper resource permission allocation in the patch management component. This vulnerability may all...
Converge Connect: Unlock Lower Premiums with Proven Qualys Security
Key Takeaways: Qualys, in collaboration with Converge, has launched an offering that ties your security posture to your cyber insurance costs. The Qualys Converge Connect Insurance Report (CCIR) supplements manual insurance questionnaires with objective, platform-generated, real-time security data...
The Q1 vulnerability pulse
Welcome to this week's edition of the Threat Source newsletter. The first quarter of 2026 passed faster than a misconfigured firewall rule gets exploited -- and the last few weeks have been firmly stamped with the "software supply chain compromise" label, with headlines surrounding incidents...
The Mythos Inflection Point: Dealing With the Upcoming Vulnerability Disclosure Avalanche and Compressed Exploitation Window
Having spent years at Qualys working on vulnerability risk and remediation management, I have watched the disclosure and remediation cycles from every angle. I have seen vulnerability researchers find a critical flaw in OpenSSH and the industry scramble to respond. I have seen organizations...
Patch Management: A Complete Guide to Securing Your Organization
Your vulnerability scanners just returned 15,000 findings. Microsoft's Patch Tuesday alone dropped 97 fixes. Linux vendors released another 40. Third-party applications added dozens more. Your security team has exactly the same number of hours in the day as they did last month. This is the realit...
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape. The 2025 report paints a clear picture: Attackers are moving faster than ever, while using identity-related attacks as the primary battleground. To unpack the biggest takeaways and what they mean for...
[SECURITY] Fedora 44 Update: stgit-2.5.5-5.fc44
Stacked Git, StGit for short, is an application for managing Git commits as a stack of patches. With a patch stack workflow, multiple patches can be developed concurrently and efficiently, with each patch focused on a single concern, resulting in both a clean Git commit history and improved...
Patch, track, repeat: The 2025 CVE retrospective
Welcome to this week's edition of the Threat Source newsletter. It's time to look back at a year that pushed the vulnerability landscape to new heights. I'll admit this retrospective is arriving a bit later than planned. With 48,196 CVEs in 2025, a stunning 132 vulnerabilities per day, the analysi...
Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft
CVE-2026-21509 Office Kill-Bit Manager PowerShell script to...
Tanium Patch Endpoint Tools Security Vulnerability
Tanium Patch Endpoint Tools is a patch management component developed by the American company Tanium. Tanium Patch Endpoint Tools has a security vulnerability, which stems from an increase in local privileges...
Tanium Patch Security Vulnerability
Tanium Patch is a patch management module developed by the American company Tanium. Tanium Patch has a security vulnerability, which stems from improper default permission settings...