Malware & Exploits

Uh oh – you asked an LLM to generate your Dockerfile, and now you’re staring at an error about Node. Turns out the base image it gave you includes a...

Key Takeaways Achieve maximum uptime in dynamic Linux clouds through automated, prioritized patching. The cloud introduces unique challenges: rapid asset turnover, shared responsibility models, and the demands of speed and...

In the cybersecurity industry, we’ve grown accustomed to meticulously analyzing attack patterns, reverse-engineering malware, and piecing together fragments of evidence to understand our adversaries. But rarely do we get to...

How a Contract Expiration Nearly Collapsed the Global Vulnerability Management Ecosystem It was a typical Tuesday at security operations centers around the world. Analysts were monitoring their SIEM dashboards, vulnerability...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two Linux kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these previously theoretical security risks are...

Executive Summary   Our security research team has discovered that CVE-2022-31631, a critical SQL injection vulnerability with a CVSS 3 score of 9.1, affects PHP 7 installations (on Windows and...

Executive Summary   CVE-2023-3824, a buffer overflow vulnerability in PHP’s PHAR extension, also impacts PHP 7 installations though official advisories only mention PHP 8+ versions. This vulnerability is particularly concerning...

The Hidden Vulnerability in Your Software Supply Chain   There’s often an unspoken assumption: security breaches happen because someone made a mistake. Perhaps they failed to implement multi-factor authentication, neglected...

Executive Summary   Our security research team has discovered that CVE-2023-0568, a buffer allocation vulnerability officially reported to affect only PHP 8+ versions, also impacts PHP 7 series installations (on...

Executive Summary   Our security research team has identified that the recently disclosed vulnerability CVE-2025-24070, an elevation of privilege vulnerability in ASP.NET Core, also affects .NET 6 applications despite not...

Use the following links to track the status of patches for CVE-2024-50302 for KernelCare and Endless Lifecycle Support. All patches for all supported and affected distributions will be made available...