This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T14:03:18+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says.]]> 2025-05-09T16:58:56+00:00 https://www.darkreading.com/application-security/commvault-patch-works-as-intended www.secnews.physaphae.fr/article.php?IdArticle=8673766 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.]]> 2025-05-08T19:43:42+00:00 https://www.darkreading.com/endpoint-security/sonicwall-patch-exploit-chain-sma-devices www.secnews.physaphae.fr/article.php?IdArticle=8673395 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.]]> 2025-05-07T20:08:42+00:00 https://www.darkreading.com/cyberattacks-data-breaches/play-ransomware-group-windows-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8672929 False Ransomware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch CISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild.]]> 2025-05-06T21:24:58+00:00 https://www.darkreading.com/cyberattacks-data-breaches/researcher-patched-commvault-bug-exploitable www.secnews.physaphae.fr/article.php?IdArticle=8672473 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.]]> 2025-05-06T20:26:35+00:00 https://www.darkreading.com/vulnerabilities-threats/easily-exploitable-langflow-vulnerability-patching www.secnews.physaphae.fr/article.php?IdArticle=8672451 False Vulnerability,Threat,Patching None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerabilities affect SonicWall\'s SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.]]> 2025-05-06T14:45:09+00:00 https://www.darkreading.com/threat-intelligence/two-sonicwall-vulnerabilities-under-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8672348 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.]]> 2025-04-29T10:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/vulnerability-exploitation-shifting-2024-25 www.secnews.physaphae.fr/article.php?IdArticle=8669404 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?]]> 2025-04-25T17:57:59+00:00 https://www.darkreading.com/remote-workforce/mobile-applications-cesspool-security-issues www.secnews.physaphae.fr/article.php?IdArticle=8667773 False Vulnerability,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.]]> 2025-04-24T21:06:30+00:00 https://www.darkreading.com/cyber-risk/max-severity-commvault-bug-researchers www.secnews.physaphae.fr/article.php?IdArticle=8667370 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The incident should serve as a critical wake-up call. The stakes are simply too high to treat AI security as an afterthought - especially when the Dark Web stands ready to capitalize on every vulnerability.]]> 2025-04-22T14:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/deepseek-breach-opens-floodgates-dark-web www.secnews.physaphae.fr/article.php?IdArticle=8666172 False Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch The vulnerability is only found in the vendor\'s router series and can be triggered by an attacker using a crafted request - all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.]]> 2025-04-21T16:21:05+00:00 https://www.darkreading.com/cloud-security/asus-patch-aicloud-router-vuln www.secnews.physaphae.fr/article.php?IdArticle=8665751 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch 2025-04-18T19:14:51+00:00 https://www.darkreading.com/application-security/organizations-fix-less-than-half-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8664611 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity.]]> 2025-04-18T13:01:45+00:00 https://www.darkreading.com/vulnerabilities-threats/apple-zero-days-sophisticated-attacks www.secnews.physaphae.fr/article.php?IdArticle=8664521 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The AI security startup has already made waves with critical vulnerability discoveries and seeks to address emerging AI concerns with its PromptArmor platform.]]> 2025-04-17T18:10:49+00:00 https://www.darkreading.com/cyber-risk/promptarmor-launches-assess-monitor-third-party-ai-risk www.secnews.physaphae.fr/article.php?IdArticle=8664455 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The attacks have been going on since shortly after Microsoft patched the vulnerability in March.]]> 2025-04-16T21:25:24+00:00 https://www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw www.secnews.physaphae.fr/article.php?IdArticle=8663758 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Customer data such as birth dates, credit card numbers and driver\'s license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file transfer products.]]> 2025-04-15T18:37:46+00:00 https://www.darkreading.com/vulnerabilities-threats/hertz-falls-victim-cleo-zero-day-attacks www.secnews.physaphae.fr/article.php?IdArticle=8663197 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.]]> 2025-04-14T17:20:30+00:00 https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution www.secnews.physaphae.fr/article.php?IdArticle=8662779 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Gladinet\'s platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.]]> 2025-04-10T21:15:36+00:00 https://www.darkreading.com/vulnerabilities-threats/zero-day-centrestack-platform-under-attack www.secnews.physaphae.fr/article.php?IdArticle=8661517 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist\'s device in an attempt to install spyware.]]> 2025-04-08T16:17:21+00:00 https://www.darkreading.com/vulnerabilities-threats/android-zero-day-bugs-active-exploit www.secnews.physaphae.fr/article.php?IdArticle=8660988 False Vulnerability,Threat,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? Security experts Chris Wysopal and Jason Healey say things are improving for the better.]]> 2025-04-07T22:58:06+00:00 https://www.darkreading.com/application-security/optimism-about-secure-by-design-progress www.secnews.physaphae.fr/article.php?IdArticle=8660937 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).]]> 2025-04-07T19:00:35+00:00 https://www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8660807 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch At least three major energy solution and renewable energy companies have nearly 50 vulnerabilities - many of them "basic" mistakes - indicating a lack of developed cybersecurity safeguards.]]> 2025-04-04T08:16:36+00:00 https://www.darkreading.com/vulnerabilities-threats/security-bugs-could-rain-out-solar-grids www.secnews.physaphae.fr/article.php?IdArticle=8660251 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that\'s currently under attack.]]> 2025-04-03T19:51:25+00:00 https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8660118 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Over the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities.]]> 2025-04-01T20:53:27+00:00 https://www.darkreading.com/perimeter/scans-pan-globalprotect-vpns-attacks www.secnews.physaphae.fr/article.php?IdArticle=8659707 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The FDA\'s regulations and guidance aim to strike a balance between ensuring rigorous oversight and enabling manufacturers to act swiftly when vulnerabilities are discovered.]]> 2025-04-01T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/fdas-critical-role-keeping-medical-devices-secure www.secnews.physaphae.fr/article.php?IdArticle=8659617 False Vulnerability,Medical None 2.0000000000000000 Dark Reading - Informationweek Branch Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.]]> 2025-03-31T17:57:03+00:00 https://www.darkreading.com/cyberattacks-data-breaches/cisa-warns-resurge-malware-ivanti-vuln www.secnews.physaphae.fr/article.php?IdArticle=8659443 False Malware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Digital transformation has revolutionized industries with critical infrastructure - but it has also introduced new vulnerabilities.]]> 2025-03-28T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/navigating-cyber-risks-new-defenses www.secnews.physaphae.fr/article.php?IdArticle=8658905 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware.]]> 2025-03-26T11:27:34+00:00 https://www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt www.secnews.physaphae.fr/article.php?IdArticle=8658347 False Malware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Upgrading the organization\'s Windows 10 systems to Windows 11 could potentially introduce vulnerabilities into the environment through misconfigured hardware.]]> 2025-03-24T22:29:30+00:00 https://www.darkreading.com/endpoint-security/windows-10-end-of-life-puts-smb-at-risk www.secnews.physaphae.fr/article.php?IdArticle=8658099 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.]]> 2025-03-24T15:29:40+00:00 https://www.darkreading.com/cyberattacks-data-breaches/oracle-denies-claim-oracle-cloud-breach-6m-records www.secnews.physaphae.fr/article.php?IdArticle=8657835 False Vulnerability,Threat,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.]]> 2025-03-19T21:19:12+00:00 https://www.darkreading.com/cyberattacks-data-breaches/critical-fortinet-vulnerability-draws-fresh-attention www.secnews.physaphae.fr/article.php?IdArticle=8656788 False Ransomware,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch A server-side request forgery vulnerability in OpenAI\'s chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.]]> 2025-03-18T15:28:52+00:00 https://www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk www.secnews.physaphae.fr/article.php?IdArticle=8656493 False Vulnerability,Threat ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.]]> 2025-03-17T18:52:23+00:00 https://www.darkreading.com/vulnerabilities-threats/apache-tomcat-rce-vulnerability-exploit www.secnews.physaphae.fr/article.php?IdArticle=8656299 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.]]> 2025-03-12T20:48:51+00:00 https://www.darkreading.com/mobile-security/apple-drops-another-webkit-zero-day-bug www.secnews.physaphae.fr/article.php?IdArticle=8655377 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it\'s being used once more for another botnet campaign with its own malware.]]> 2025-03-12T15:36:53+00:00 https://www.darkreading.com/cyberattacks-data-breaches/ballista-botnet-campaign-exploits-2023-vuln-tp-link-routers www.secnews.physaphae.fr/article.php?IdArticle=8655326 False Malware,Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The number of zero-day vulnerabilities getting patched in Microsoft\'s March update is the company\'s second-largest ever.]]> 2025-03-11T21:25:02+00:00 https://www.darkreading.com/application-security/whopping-number-microsoft-zero-days-under-attack www.secnews.physaphae.fr/article.php?IdArticle=8655136 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.]]> 2025-03-07T18:26:33+00:00 https://www.darkreading.com/remote-workforce/zero-days-risk-vm-escape-attacks www.secnews.physaphae.fr/article.php?IdArticle=8654579 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.]]> 2025-03-04T22:29:43+00:00 https://www.darkreading.com/vulnerabilities-threats/vmware-zero-day-bugs-sandbox-escape www.secnews.physaphae.fr/article.php?IdArticle=8653594 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch A host of automated approaches identifies and remediates potential vulns while still retaining a role for security analysts to filter for context and business criticality.]]> 2025-02-25T14:01:00+00:00 https://www.darkreading.com/application-security/gen-ai-accelerates-triage-of-software-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8651617 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase.]]> 2025-02-25T11:00:00+00:00 https://www.darkreading.com/cyber-risk/industrial-system-cyberattacks-surge-ot-vulnerable www.secnews.physaphae.fr/article.php?IdArticle=8650823 False Vulnerability,Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.]]> 2025-02-24T22:36:32+00:00 https://www.darkreading.com/application-security/zero-day-bug-parallels-desktop-mac www.secnews.physaphae.fr/article.php?IdArticle=8650651 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The authentication bypass vulnerability in the OS for the company\'s firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.]]> 2025-02-19T16:39:14+00:00 https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild www.secnews.physaphae.fr/article.php?IdArticle=8649029 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Attackers are using patched bugs to potentially gain unfettered access to an organization\'s Windows environment under certain conditions.]]> 2025-02-18T22:28:33+00:00 https://www.darkreading.com/iot/xerox-printer-vulnerabilities-credential-capture www.secnews.physaphae.fr/article.php?IdArticle=8648927 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.]]> 2025-02-18T22:17:55+00:00 https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-group-japanese-orgs-servers www.secnews.physaphae.fr/article.php?IdArticle=8648918 False Malware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.]]> 2025-02-14T15:00:00+00:00 https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8648502 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.]]> 2025-02-11T21:41:57+00:00 https://www.darkreading.com/endpoint-security/apple-releases-urgent-patch-usb-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8648125 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.]]> 2025-02-06T20:53:41+00:00 https://www.darkreading.com/vulnerabilities-threats/agencies-sound-alarm-patient-monitors-hardcoded-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8647298 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches.]]> 2025-02-04T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/managing-software-risk-world-exploding-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8646838 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch By integrating security into CI/CD, applying automated policies, and supporting developers with the right processes and tools, infosec teams can increase efficiency and build secure software.]]> 2025-02-03T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/proactive-vulnerability-management-engineering-success www.secnews.physaphae.fr/article.php?IdArticle=8646554 False Tool,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The addition of Solvo CSPM to CYE Hyver aims to address need for multicloud vulnerability monitoring and risk assessment.]]> 2025-01-30T13:17:58+00:00 https://www.darkreading.com/cloud-security/exposure-management-provider-cye-acquires-solvo www.secnews.physaphae.fr/article.php?IdArticle=8644789 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.]]> 2025-01-29T22:10:29+00:00 https://www.darkreading.com/endpoint-security/windows-print-spooler-security-improves-in-wake-of-printnightmare-scare www.secnews.physaphae.fr/article.php?IdArticle=8644595 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.]]> 2025-01-29T19:54:26+00:00 https://www.darkreading.com/endpoint-security/unpatched-zyxel-cpe-zero-day-cyberattackers www.secnews.physaphae.fr/article.php?IdArticle=8644444 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.]]> 2025-01-29T18:03:01+00:00 https://www.darkreading.com/endpoint-security/mirai-variant-aquabot-exploits-mitel-phone-flaws www.secnews.physaphae.fr/article.php?IdArticle=8644401 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The now-fixed vulnerability involved a major travel services company that\'s integrated with dozens of airline websites worldwide.]]> 2025-01-28T22:07:14+00:00 https://www.darkreading.com/application-security/oauth-flaw-exposed-millions-airline-users-account-takeovers www.secnews.physaphae.fr/article.php?IdArticle=8644029 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.]]> 2025-01-28T11:46:57+00:00 https://www.darkreading.com/cloud-security/actively-exploited-fortinet-zero-day-attackers-super-admin-privileges www.secnews.physaphae.fr/article.php?IdArticle=8643940 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.]]> 2025-01-27T22:30:27+00:00 https://www.darkreading.com/endpoint-security/apple-patches-actively-exploited-zero-day-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8643530 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The threat actors are abusing the vulnerabilities to gain initial access, obtain credentials, and install malicious scripts on user devices.]]> 2025-01-23T17:57:23+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-ivanti-vulns-chained-attacks www.secnews.physaphae.fr/article.php?IdArticle=8641677 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions.]]> 2025-01-15T16:51:35+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-warns-of-second-vuln-found-in-beyondtrust-breach-investigation www.secnews.physaphae.fr/article.php?IdArticle=8637823 False Vulnerability,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch Emergent macOS vulnerability lets adversaries circumvent Apple\'s System Integrity Protection (SIP) by loading third-party kernels.]]> 2025-01-14T21:45:43+00:00 https://www.darkreading.com/vulnerabilities-threats/apple-bug-root-protections-bypass-physical-access www.secnews.physaphae.fr/article.php?IdArticle=8637356 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.]]> 2025-01-14T17:50:24+00:00 https://www.darkreading.com/threat-intelligence/zero-day-security-bug-fortinet-firewall-attacks www.secnews.physaphae.fr/article.php?IdArticle=8637257 True Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.]]> 2025-01-13T20:44:00+00:00 https://www.darkreading.com/cloud-security/cloud-attackers-exploit-max-critical-aviatrix-rce-flaw www.secnews.physaphae.fr/article.php?IdArticle=8636859 False Malware,Vulnerability,Threat,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch In just two years, LLMs have become standard for developers - and non-developers - to generate code, but companies still need to improve security processes to reduce software vulnerabilities.]]> 2025-01-06T14:33:58+00:00 https://www.darkreading.com/application-security/will-ai-code-generators-overcome-their-insecurities-2025 www.secnews.physaphae.fr/article.php?IdArticle=8634278 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.]]> 2025-01-03T22:41:51+00:00 https://www.darkreading.com/threat-intelligence/thousands-of-buggy-beyondtrust-systems-still-exposed www.secnews.physaphae.fr/article.php?IdArticle=8633259 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.]]> 2025-01-02T16:28:38+00:00 https://www.darkreading.com/vulnerabilities-threats/active-directory-flaw-can-crash-any-microsoft-server-connected-to-the-internet www.secnews.physaphae.fr/article.php?IdArticle=8632861 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.]]> 2024-12-26T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/emerging-threats-vulnerabilities-prepare-2025 www.secnews.physaphae.fr/article.php?IdArticle=8630223 False Vulnerability,Threat,Prediction None 3.0000000000000000 Dark Reading - Informationweek Branch This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.]]> 2024-12-20T19:25:41+00:00 https://www.darkreading.com/endpoint-security/how-to-protect-your-environment-from-the-ntlm-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8628081 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn\'t enough to fix it.]]> 2024-12-19T17:46:16+00:00 https://www.darkreading.com/application-security/actively-exploited-bug-struts-2 www.secnews.physaphae.fr/article.php?IdArticle=8627632 False Vulnerability,Patching None 2.0000000000000000 Dark Reading - Informationweek Branch Three vulnerabilities in the service\'s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.]]> 2024-12-17T16:21:38+00:00 https://www.darkreading.com/cloud-security/azure-data-factory-bugs-expose-cloud-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8626651 False Malware,Vulnerability,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.]]> 2024-12-13T21:56:35+00:00 https://www.darkreading.com/application-security/cleo-mft-zero-day-exploits-escalate-analysts-warn www.secnews.physaphae.fr/article.php?IdArticle=8624790 False Ransomware,Vulnerability,Threat,Patching None 2.0000000000000000 Dark Reading - Informationweek Branch The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.]]> 2024-12-11T22:47:17+00:00 https://www.darkreading.com/cyberattacks-data-breaches/chinese-hacker-pwns-81k-sophos-devices-with-zero-day-bug www.secnews.physaphae.fr/article.php?IdArticle=8623692 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others\' mistakes.]]> 2024-12-11T15:50:59+00:00 https://www.darkreading.com/cyberattacks-data-breaches/cybersecurity-lessons-from-3-public-breaches www.secnews.physaphae.fr/article.php?IdArticle=8623524 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.]]> 2024-12-10T22:21:02+00:00 https://www.darkreading.com/application-security/microsoft-zero-day-critical-rces-patch-tuesday www.secnews.physaphae.fr/article.php?IdArticle=8623098 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.]]> 2024-12-10T21:03:08+00:00 https://www.darkreading.com/cyberattacks-data-breaches/termite-ransomware-behind-cleo-zero-day-attacks www.secnews.physaphae.fr/article.php?IdArticle=8623056 False Ransomware,Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.]]> 2024-12-09T22:42:00+00:00 https://www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april www.secnews.physaphae.fr/article.php?IdArticle=8622494 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.]]> 2024-12-09T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/large-scale-incidents-art-vulnerability-prioritization www.secnews.physaphae.fr/article.php?IdArticle=8622296 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there\'s a workaround.]]> 2024-12-05T21:13:03+00:00 https://www.darkreading.com/vulnerabilities-threats/bypass-bug-critical-n-day-mitel-micollab www.secnews.physaphae.fr/article.php?IdArticle=8620290 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.]]> 2024-12-05T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/vulnerability-management-challenges-iot-ot-environments www.secnews.physaphae.fr/article.php?IdArticle=8620128 False Vulnerability,Industrial None 2.0000000000000000 Dark Reading - Informationweek Branch The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.]]> 2024-12-04T20:47:06+00:00 https://www.darkreading.com/vulnerabilities-threats/veeam-urges-updates-after-discovering-critical-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8619667 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight - and hopefully better control.]]> 2024-12-04T14:01:11+00:00 https://www.darkreading.com/vulnerabilities-threats/digital-certificate-shorter-lifespan-reduces-security-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8619460 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.]]> 2024-12-03T20:25:34+00:00 https://www.darkreading.com/vulnerabilities-threats/decade-old-cisco-vulnerability-exploit www.secnews.physaphae.fr/article.php?IdArticle=8619067 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch GenAI\'s 30%-50% coding productivity boost comes with a downside - it\'s also generating vulnerabilities. Veracode\'s Chris Wysopal talks about what he finds out in this News Desk interview during Black Hat USA.]]> 2024-11-27T13:10:10+00:00 https://www.darkreading.com/application-security/can-genai-write-secure-code-news-desk-black-hat-2024 www.secnews.physaphae.fr/article.php?IdArticle=8618029 False Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.]]> 2024-11-26T21:36:42+00:00 https://www.darkreading.com/application-security/romcom-apt-zero-day-zero-click-browser-escapes-firefox-tor www.secnews.physaphae.fr/article.php?IdArticle=8617943 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Findings reveal growing cybersecurity risks in ecommerce, exposing vulnerabilities in PII handling and lack of basic security protections like HTTPS and WAFs]]> 2024-11-26T16:11:46+00:00 https://www.darkreading.com/application-security/cycognito-report-highlights-rising-cybersecurity-risks-holiday-e-commerce www.secnews.physaphae.fr/article.php?IdArticle=8617911 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens.]]> 2024-11-22T16:48:01+00:00 https://www.darkreading.com/vulnerabilities-threats/leaky-cybersecurity-holes-water-systems-risk www.secnews.physaphae.fr/article.php?IdArticle=8616109 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.]]> 2024-11-20T14:14:02+00:00 https://www.darkreading.com/cloud-security/water-barghest-sells-hijacked-iot-devices-proxy-botnet-misuse www.secnews.physaphae.fr/article.php?IdArticle=8614785 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled.]]> 2024-11-18T20:14:15+00:00 https://www.darkreading.com/cloud-security/critical-wordpress-plugin-flaw-4m-sites-takeover www.secnews.physaphae.fr/article.php?IdArticle=8613684 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The security vendor\'s Expedition firewall appliance\'s PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading tit to advise customers to update immediately or and take them off the Internet.]]> 2024-11-18T17:11:38+00:00 https://www.darkreading.com/cyberattacks-data-breaches/palo-alto-networks-patches-critical-zero-day-bug-firewalls www.secnews.physaphae.fr/article.php?IdArticle=8613605 False Tool,Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.]]> 2024-11-13T22:34:56+00:00 https://www.darkreading.com/cyberattacks-data-breaches/zero-days-wins-superlative-most-exploited-vulns www.secnews.physaphae.fr/article.php?IdArticle=8610666 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.]]> 2024-11-13T19:47:53+00:00 https://www.darkreading.com/cloud-security/google-ai-platform-bugs-proprietary-enterprise-llms www.secnews.physaphae.fr/article.php?IdArticle=8610579 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.]]> 2024-11-12T22:41:11+00:00 https://www.darkreading.com/cloud-security/2-zero-day-bugs-microsoft-nov-update-active-exploit www.secnews.physaphae.fr/article.php?IdArticle=8610051 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."]]> 2024-11-12T16:31:25+00:00 https://www.darkreading.com/cloud-security/citrix-patches-zero-day-recording-manager-bugs www.secnews.physaphae.fr/article.php?IdArticle=8609912 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The unpatched security vulnerability, which doesn\'t have a CVE yet, is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.]]> 2024-11-12T15:09:12+00:00 https://www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce www.secnews.physaphae.fr/article.php?IdArticle=8609865 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Windows users are at risk for full device takeover by an emerging malicious version of the Remcos remote admin tool, which is being used in an ongoing campaign exploiting a known remote code execution (RCE) vulnerability in Microsoft Office and WordPad.]]> 2024-11-11T21:13:20+00:00 https://www.darkreading.com/application-security/revamped-remcos-rat-microsoft-windows-users www.secnews.physaphae.fr/article.php?IdArticle=8609519 False Tool,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them too, but here\\\\\\\\\\\\\'s why defenders may retain the edge.]]> 2024-11-08T22:16:24+00:00 https://www.darkreading.com/application-security/ai-llms-show-promise-squashing-software-bugs www.secnews.physaphae.fr/article.php?IdArticle=8609173 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they\'re publicly released.]]> 2024-11-04T15:46:28+00:00 https://www.darkreading.com/application-security/google-big-sleep-ai-agent-sqlite-software-bug www.secnews.physaphae.fr/article.php?IdArticle=8606003 False Tool,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch "See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.]]> 2024-11-01T01:53:28+00:00 https://www.darkreading.com/threat-intelligence/the-overlooked-importance-of-identifying-riskiest-users www.secnews.physaphae.fr/article.php?IdArticle=8604604 False Vulnerability,Medical None 2.0000000000000000 Dark Reading - Informationweek Branch Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.]]> 2024-10-29T21:58:44+00:00 https://www.darkreading.com/vulnerabilities-threats/recurring-windows-flaw-could-expose-user-credentials www.secnews.physaphae.fr/article.php?IdArticle=8603448 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Sophos CEO Joe Levy says $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform - with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities - at the core.]]> 2024-10-28T23:04:44+00:00 https://www.darkreading.com/identity-access-management-security/sophos-secureworks-deal-focuses-on-building-advanced-mdr-xdr-platform www.secnews.physaphae.fr/article.php?IdArticle=8603029 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Vulnhuntr is a Python static code analyzer using Claude AI to find and explain complex, multistep vulnerabilities.]]> 2024-10-24T22:22:36+00:00 https://www.darkreading.com/application-security/open-source-llm-tool-finds-python-zero-days www.secnews.physaphae.fr/article.php?IdArticle=8601693 False Tool,Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.]]> 2024-10-23T20:55:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lazarus-group-exploits-chrome-zero-day-campaign www.secnews.physaphae.fr/article.php?IdArticle=8601480 False Vulnerability,Threat APT 38 2.0000000000000000