EUVD-2024-54922

Malicious code in bioql PyPI...

CVE-2024-13980

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It's where 85% of modern work now happens. It's also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices crea...

The Verizon 2025 Data Breach Investigations Report (DBIR): Six Trends You Can’t Ignore

Executive Summary The 2025 Data Breach Investigations Report reveals critical trends that security teams and leaders must address to protect their organizations against evolving cyber threats. Once again, Qualys contributed to this report to help unpack critical patterns and equip organizations...

ASB-A-335232744

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

Microsoft Recall snapshots can be easily grabbed with TotalRecall tool

Microsofts Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature...

The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield

With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational system...

Why less is more: 10 steps to secure customer data

In an advisory aimed at the protection of customers’ personal data, the Australian Cyber Security Centre ACSC has emphasized that businesses should only collect personal data from customers that they need in order to operate effectively. While that may seem like kicking in an open door, it’s real...

RFP Template for Browser Security

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP...

How small businesses can secure employees' mobile devices

Fact: 77% of organizations are convinced they're capable of protecting their mobile devices--smartphones, tablets, and laptops including Chromebooks--from cybersecurity threats. Another fact: A third of those organizations aren't protecting their mobile devices at all. And that matters--in its...

Crushing the two biggest threats to mobile endpoint security in 2023

Dont let their small size fool you: mobile devices can have a big impact on your security posture. Its easy to see why, considering that almost half of organizations said they suffered a mobile-related compromise in 2022. Malware and phishing are two particular mobile threats that you need to...

Enable Screen sharing for BYOD Chromebook devices using Citrix Cloud

Users who use bring your own device Chromebook require teams and the ability to screen share...

Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. As more employees work remotely on a variety of devices and networks, businesses need a security model that supports this new operational efficiency. An expanding perimeter poses...

Interested in Reducing Your Risk Profile? Jamf Has a Solution for That

The threat landscape has changed dramatically over the past decade. While cybercriminals continue to look for new ways to gain access to networks and steal sensitive information, the mobile attack surface is also expanding. Mobile devices are not only becoming more powerful but also more vulnerab...

Twilio breached after social engineering attack on employees

Cloud-based communication platform provider Twilio has announced a breach via a social engineering attack on employees. On August 4, 2022, Twilio says it became aware of unauthorized access to information related to a limited number of Twilio customer accounts, through the social engineering atta...

4 best practices to implement a comprehensive Zero Trust security approach

Today’s threat actors don’t see barriers, they see opportunities. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security has become an imperative across all sectors, both public and private. During this tim...

Information disclosure

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product...

CVE-2022-0018 GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product...