Malware & Exploits

Introduction   A critical vulnerability in PHP for Windows (CVE-2024-4577) has become a significant cybersecurity concern since its disclosure in June 2024. With a CVSS score of 9.8, this high-severity...

Almost a year ago, the Linux Kernel team became a CVE Numbering Authority (CNA), marking a significant shift in how kernel vulnerabilities are tracked and disclosed. Far from being a...

Cybersecurity professionals know that vulnerabilities rarely fade into obscurity just because they’re patched or reported. The release of a public proof of concept (PoC) can breathe new life into old...

“We’re just doing what cve.org wants us to do” was repeated multiple times by Greg K-H in a recent presentation. Earlier this year, the Kernel team’s new CNA (CVE Numbering...

  Isolating infected systems immediately helps prevent ransomware from spreading across networks. Regular, automated backups stored offline are essential for recovering from ransomware incidents.   Proactive security measures, like live patching...

When it comes to keeping Spring applications protected, a proactive response to vulnerabilities is essential. For enterprises relying on Spring Security, the latest CVE-2024-38821 vulnerability has been a point of...

In recent years, the steady influx of hardware-level vulnerabilities, like Heartbleed, Spectre, Rowhammer, and a host of others, has put every CPU vendor under scrutiny. No chip family or architecture...

Is your vulnerability scanner showing zero problems with your Linux systems? If so, it’s probably missing something important. Conversely, if it’s suddenly showing hundreds of vulnerabilities, that’s likely an overstatement...

The Zenbleed vulnerability exploits a flaw in the speculative execution mechanism of AMD Zen 2 CPUs. It affects the entire Zen 2 range, even extending to AMD’s EPYC data center...

It’s summer, and the year so far has been prodigious in high-stakes hacks impacting very high profile companies, like Ticketmaster or Change Healthcare, and sophisticated malicious operations like the one...

Given the active exploitation of this Linux kernel vulnerability, federal agencies are strongly urged to apply patches by June 20, 2024. This vulnerability, tracked as CVE-2024-1086, carries a high-severity rating...