Hitachi Energy MACH HiDraw
View CSAF Summary Hitachi Energy is aware of a buffer overflow vulnerability that affects MACH HiDraw product versions listed in this document. Successful ex...
Vulnerability Disclosure
20 articles
Cisco warns of critical Unified CM flaw with PoC exploit code
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileg...
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Tele...
Cisco Catalyst SD-WAN Manager Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary comma...
Cisco Warns of Available PoC for Critical Unified CM Vulnerability
The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks. The post Cisco Warns of Available Po...
VS Code Vulnerability Allows One-Click GitHub Token Theft
A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. The post VS Code Vulnerability Al...
Beware the ‘son of Mythos,’ security experts warn
LONDON — Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthrophic and OpenAI expand access to t...
From critical to controlled: Cutting vulnerabilities in a live manufacturing environment
A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re...
Hackers Exploit Google Gemini Flaw Using Malicious Messages from WhatsApp, Slack, and SMS
Hackers are exploiting a newly discovered flaw in Google’s Gemini voice assistant by sending malicious messages via popular platforms such as WhatsApp, Slack...
Hole in GitHub’s browser-based VSCode editor could lead to stolen token
A vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The is...
Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin
On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 ac...
Cisco Webex Meetings Cross-Site Scripting Vulnerability
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site script...
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) cou...
Cisco Finesse Remote File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on...
Microsoft responds to security challenges emerging in AI development
Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates incl...
Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award
Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability Help Prioritize Vulnerabilities in AI era
Simplify security management with CIS SecureSuite Platform
New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for com...
Organizations Warned of Exploited Linux Kernel Vulnerability
An improper authentication bug allows attackers to escalate their privileges and escape containers. The post Organizations Warned of Exploited Linux Kernel V...
Microsoft wants to put AI agents on a short leash
As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from ...
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. The post ‘HTT...