vulnerabilities

Security | Sep 26, 2024

Critical NVIDIA container bug is an ‘old school’ risk to AI workloads

An attacker would need to craft a malicious container and run it "either directly (for example in services allowing shared GPU resources) or indirectly through a supply chain or social engineering attack"

Security | Sep 17, 2024

Exploit lands for CVSS 10 Ivanti bug

"Defender won’t catch this..."

Security | Aug 07, 2024

Ivanti is the Rihanna of CVEs, Qualys' top exploit chart shows

Still a hit with hackers after all these months

Security | Jul 29, 2024

Bonkers VMware vulnerability abused in ransomware attacks

net group “ESX Admins” username /domain /add.

vulnerabilities | Jul 11, 2024

Trio of unauthenticated ServiceNow vulnerabilities exposed 42,000

CVE-2024-4879 (CVSS 9.8) lets “an unauthenticated user remotely execute code” -- ServiceNow swiftly pushed fix to hosted instances but those self-hosting must...

Security | Jul 08, 2024

Fake OpenSSH "exploit" is a real exploit. Just not the one you thought.

Cisco says 42 products confirmed exposed to CVE-2024-6387 -- but OpenSSH exploit is malicious: Beware bogus POCs says Kaspersky

Security | Jul 01, 2024

Pre-auth RCE to root in OpenSSH server: 700,000 instances exposed

RHEL 9 affected, Debian, Ubuntu, SUSE push fixes

Security | Jun 26, 2024

Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit...

Fix up, look sharp: Uncle Sam is running out of patience with tech firms shipping insecure software. Vendors? Get familiar with the phrase "query parameterization"...

vulnerabilities | Jun 18, 2024

How the NVD backlog highlights the need for context in vulnerability management

"A Vulnerability Operations Centre (VOC) approach can work wonders here..."

document.currentScript.parentNode.innerHTML = (parseInt(document.currentScript.closest('.iteration-container').dataset.length)).toString();