344 matches found
PT-2025-29823
Name of the Vulnerable Software and Affected Versions: Lighthouse Studio versions prior to 9.16.14 Description: A template injection vulnerability exists in Lighthouse Studio’s Perl web application ciwweb.pl. Exploitation allows an unauthenticated attacker to execute arbitrary commands on the web...
Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard
Transparency is core to Managed Detection & Response MDR. It’s necessary between Rapid7 and our customers as we conduct security operations on their behalf. And it’s necessary for our customers to communicate transparently and effectively with their stakeholders. Scroll on – because there’s a new...
IBM AIX 安全漏洞
IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture by International Business Machines IBM. A security vulnerability exists in IBM AIX versions 7.2 and 7.3, which stems from improper control of the nimsh service SSL/TLS protection mechanism process an...
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
A high-severity security flaw impacting the Craft content management system CMS has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is...
A Tumultuous Week for Federal Cybersecurity Efforts
Image: Shutterstock. Greg Meland. President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review...
Interagency Security Committee Compliance Policy and Compliance Benchmarks, 2024 Edition
The Interagency Security Committee Compliance Policy and Compliance Benchmarks, 2024 Edition outlines the ISC Compliance Policy and updates Compliance Benchmarks in alignment with Executive Order 14111 and the updated Risk Management Process Standard of 2024. These updated compliance benchmarks a...
Unlock the Boardroom with Cyber Risk: How the Qualys Enterprise TruRisk™ Platform Empowers CISOs
The Changing Landscape for CISOs " If you can't measure it, you can't manage it." - Peter Drucker This timeless adage by Drucker resonates deeply in today's digital era, where managing cyber risks has become a business-critical priority. According to a recent survey from Splunk, Today, nearly 50%...
A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More
US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI—and takes a swipe at Microsoft’s dominance...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3393link is external Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...
New Mobile Phishing Targets Executives with Fake DocuSign Links
Cybercriminals are using advanced techniques to target executives with mobile-specific phishing attacks...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356link is external BeyondTrust Privileged Remote Access PRA and Remote Support RS Command Injection Vulnerability These types of vulnerabilities are frequent...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767link is external Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250link is external Microsoft Windows Kernel-Mode Driver Untrusted...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727link is external North Grid Proself Improper Restriction of XML External Entity XEE Reference Vulnerability CVE-2024-11680link is external ProjectSend...
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities KEV catalog by the U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 CVSS score: 7.2,...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38094link is external link is externalMicrosoft SharePoint Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...
ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review
Immigration and Customs Enforcement's contract with Paragon Solutions faces scrutiny over whether it complies with the Biden administration's executive order on spyware, WIRED has learned...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30088link is external Microsoft Windows Kernel TOCTOU Race Condition Vulnerability CVE-2024-9680link is external Mozilla Firefox Use-After-Free Vulnerability...
CISA’s VDP Platform 2023 Annual Report Showcases Success
Today, the Cybersecurity and Infrastructure Security Agency CISA released its Vulnerability Disclosure Policy VDP Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased...
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager vTM to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 CVSS...
OESA-2024-2140 microcode_ctl security update
This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: Improper isolation in the IntelR CoreTM Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.CVE-2023-42667 Improper isolation in...