43 matches found
EUVD-2013-1165
Malware in sbrugna...
EUVD-2020-5990
Malware in sbrugna...
EUVD-2023-1493
Malicious code in bioql PyPI...
CVE-2025-50090
...
CVE-2025-30728
...
CVE-2025-30704
...
Microsoft and Adobe Patch Tuesday, March 2025 Security Update Review
March 2025 Patch Tuesday is here, and Microsoft has rolled out critical security updates that address multiple vulnerabilities across its product suite. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for March 2025: Microsoft's Patch Tuesday, March 2025 edition addresse...
GHSA-98QH-7X9H-4W89 vulnerabilities
Vulnerabilities for packages: mysql...
GHSA-2FG8-6GGF-J2JG vulnerabilities
Vulnerabilities for packages: firefox-esr...
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10....
New Fickle Stealer Exploits Software Flaws to Steal Crypto, Browser Data
Fortinet's FortiGuard Labs exposes the Fickle Stealer, a malware using multiple attack methods to steal logins, financial details, and more. Learn how to protect yourself from this evolving threat...
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: docker-compose, cadvisor, crossplane, kaniko, up, syft, grype, tkn, datadog-agent, cilium-cli, trivy, ctop, buf, kubescape, wolfictl, buildkitd, kargo, aactl, conftest, dagger, zot, spire-server, melange, ko...
Fujitsu Bugs That Sent Innocent People to Prison Were Known ‘From the Start’
Software flaws were allegedly hidden from lawyers of wrongly convicted UK postal workers...
Explained: Fuzzing for security
Fuzzing, or fuzz testing, is defined as an automated software testing method that uses a wide range of invalid and unexpected data as input to find flaws in the software undergoing the test. The flaws do not necessarily have to be security vulnerabilities. Fuzzing can also bring other undesirable...
A vulnerability in NETGEAR’s Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient sanitization of input data. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of NETGEAR Wi-Fi router systems, such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, is related to insufficient sanitization of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
Vulnerabilities in the firmware of ZyXEL routers of the USG, UAG, ATP, VPN, and NXC series allow attackers to cause service failures or gain unauthorized access to protected information.
The vulnerability in the firmware of ZyXEL routers of the USG, UAG, ATP, VPN, and NXC series is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to protected information...
How to get Ahead of Vulnerabilities and Protect your Enterprise Business
Security vulnerabilities are popping up all the time, and can put any business that uses technological assets at risk. In a nutshell, vulnerabilities represent the ideal opportunity for malicious actors to break into systems and wreak all types of havoc. From data theft to information compromise...
19-year-old ethical hacker is a millionaire now; thanks to his skills
By Carolina. Argentina’s Santiago Lopez is now a millionaire due to his prowess in identifying flaws in online services as well as software. The ethical hacker who uses the moniker @trytohack became part of HackerOne’s bug bounty program in 2015 and so far he has reported more than 1,670 unique...
Intel, Microsoft Announce New Bug Bounties
Intel announced its first bug bounty program, offering up to $30,000 to researchers who find critical vulnerabilities in its hardware. The invite-only program, which is being run on the HackerOne platform, was announced today at the CanSecWest conference in Vancouver. Intel said its software,...