What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-10-04 20:39:00 | Researchers Report Supply Chain Vulnerability in Packagist PHP Repository (lien direct) | Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package manager | Vulnerability | ||
|
2022-10-04 13:35:00 | ProxyNotShell – the New Proxy Hell? (lien direct) | Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to | Vulnerability | ||
|
2022-10-03 16:26:00 | Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers (lien direct) | The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter) | Vulnerability Threat Medical | APT 38 | |
|
2022-10-01 12:05:00 | CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary | Vulnerability | ||
|
2022-09-28 10:33:00 | Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (lien direct) | WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and | Hack Vulnerability Guideline | ||
|
2022-09-24 10:33:00 | Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability (lien direct) | Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it | Vulnerability | ||
|
2022-09-23 15:51:00 | CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency | Vulnerability | ||
|
2022-09-22 16:10:00 | Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure (lien direct) | Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as | Vulnerability | ||
|
2022-09-22 14:47:00 | 15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects (lien direct) | As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming, | Vulnerability | ||
|
2022-09-22 11:47:00 | Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners (lien direct) | A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment | Vulnerability | ||
|
2022-09-16 16:28:00 | Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (lien direct) | Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as | Vulnerability | ||
|
2022-09-14 07:21:00 | Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability (lien direct) | A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence | Vulnerability | ||
|
2022-09-12 16:34:00 | Why Vulnerability Scanning is Critical for SOC 2 (lien direct) | SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical for all organisations, including those that outsource key business operation to third parties like | Vulnerability | ||
|
2022-09-09 13:49:00 | Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts (lien direct) | A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. BackupBuddy allows users to back up their entire WordPress installation from within the | Vulnerability | ||
|
2022-09-08 09:18:00 | Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products (lien direct) | Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service ( | Vulnerability | ||
|
2022-09-07 10:58:00 | Critical RCE Vulnerability Affects Zyxel NAS Devices - Firmware Patch Released (lien direct) | Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a | Vulnerability | ||
|
2022-09-03 09:26:00 | Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability (lien direct) | Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An | Vulnerability | ||
|
2022-09-01 12:43:00 | Microsoft Discover Severe \'One-Click\' Exploit for TikTok Android App (lien direct) | Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft | Vulnerability | ★★★★★ | |
|
2022-09-01 08:54:00 | Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability (lien direct) | Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech | Vulnerability Guideline | ||
|
2022-08-31 11:12:00 | Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks (lien direct) | Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer | Vulnerability | ||
|
2022-08-27 01:09:00 | Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center (lien direct) | Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. “An | Vulnerability Guideline | ||
|
2022-08-23 23:21:00 | GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software (lien direct) | DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, | Vulnerability Guideline | ||
|
2022-08-22 20:03:00 | CISA Warns of Active Exploitation of Palo Alto Networks\' PAN-OS Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to | Vulnerability | ||
|
2022-08-22 06:05:00 | "As Nasty as Dirty Pipe" - 8 Year Old Linux Kernel Vulnerability Uncovered (lien direct) | Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. "DirtyCred is a kernel exploitation concept that swaps unprivileged | Vulnerability | ||
|
2022-08-21 22:54:00 | Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability (lien direct) | Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration | Vulnerability | ||
|
2022-08-20 07:19:00 | CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch | Vulnerability | ||
|
2022-08-19 01:23:06 | New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings (lien direct) | Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm | Vulnerability | ||
|
2022-08-18 02:26:20 | Penetration Testing or Vulnerability Scanning? What\'s the Difference? (lien direct) | Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an | Vulnerability | ||
|
2022-08-17 05:02:28 | New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild (lien direct) | Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on | Vulnerability Threat | ||
|
2022-08-16 07:58:22 | ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors (lien direct) | A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution | Vulnerability | ||
|
2022-08-12 13:02:30 | Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders (lien direct) | A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader | Vulnerability | ||
|
2022-08-12 01:48:31 | Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions (lien direct) | Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) | Vulnerability Threat | ||
|
2022-08-11 23:14:20 | Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925 (CVSS score: 7.2) | Vulnerability | ||
|
2022-08-10 23:07:07 | GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions (lien direct) | Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories," | Vulnerability | ||
|
2022-08-09 23:59:19 | CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a | Vulnerability | ★★★★ | |
|
2022-08-09 23:12:13 | (Déjà vu) Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack (lien direct) | As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues | Tool Vulnerability | ★★★★ | |
|
2022-08-04 22:54:43 | CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary | Vulnerability Guideline | ||
|
2022-08-04 06:10:59 | Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers (lien direct) | As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured | Vulnerability Guideline | ||
|
2022-08-04 05:55:40 | New Woody RAT Malware Being Used to Target Russian Organizations (lien direct) | An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) | Malware Tool Vulnerability Threat | ★★★★★ | |
|
2022-08-02 05:05:19 | New \'ParseThru\' Parameter Smuggling Vulnerability Affects Golang-based Applications (lien direct) | Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm | Vulnerability Threat | ★★★ | |
|
2022-07-29 03:49:50 | Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (lien direct) | Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the | Vulnerability Guideline | ||
|
2022-07-28 20:22:24 | Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation (lien direct) | A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain | Vulnerability | ||
|
2022-07-27 04:00:30 | Taking the Risk-Based Approach to Vulnerability Patching (lien direct) | Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation.Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or | Vulnerability Threat Patching | ||
|
2022-07-25 20:09:32 | Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores (lien direct) | Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is | Vulnerability | ||
|
2022-07-22 11:39:32 | SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products (lien direct) | Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in | Vulnerability | ||
|
2022-07-21 01:46:43 | Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability (lien direct) | Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username " | Vulnerability | ||
|
2022-07-20 21:58:18 | Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers (lien direct) | Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity. The most severe of the issues are CVE-2022-20857, CVE-2022-20858, | Vulnerability | ||
|
2022-07-18 08:33:57 | New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks (lien direct) | With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopting mitigations released by AMD and Intel, posing a firmware supply chain threat. Dubbed FirmwareBleed by Binarly, the information leaking assaults stem from the continued exposure of microarchitectural attack surfaces on the part | Vulnerability | ||
|
2022-07-18 07:12:55 | Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability (lien direct) | Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, | Vulnerability | ||
|
2022-07-18 05:13:46 | Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch (lien direct) | With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. But beware, they may not give you a full and continuous view of your | Vulnerability |
To see everything:
Our RSS (filtrered)
