Category: vulnerability

Twitter fixes security bug that exposed at least 5.4 million accounts

Twitter fixed the bug in January, but not before it was exploited.

Attack surface management platform RapidFort raises $8.5M seed round

RapidFort, a startup that helps developers reduce the potential attack surface of their applications by automatically removing unused software...

Microsoft finally fixes Windows zero-day flaw exploited by state-backed hackers

It took a month for Microsoft to release patches for the security bug.

New Relic enters the security market with its new vulnerability management service

New Relic, which has long been known for its observability platform, is entering the security market today with the launch of a new vulnerability...

Tech giants pledge $30M to boost open source software security

The goal is to find and fix open source vulnerabilities faster in an effort to better protect the U.S. from malicious cyberattacks.

Study: 30% of Log4Shell instances remain vulnerable

Considering recent APT41 attacks, organizations that continue to leave the Log4Shell flaw unaddressed are hitting the snooze button when it comes to...

NeuraLegion becomes Bright Security and raises $20M Series A

NeuraLegion, a startup that focuses on dynamic application security testing and identifying business logic issues, today announced that it has...

Vicarius raises $24M to build out its vulnerability remediation platform

Vicarius, a New York-based startup that has developed an autonomous vulnerability remediation platform, has raised $24 million in Series A funding to...

Apple releases iOS 15.3 with fix for ‘actively exploited’ iPhone flaw

Apple said the bug, if exploited, could lead to kernel code execution.

A CISO’s playbook for responding to zero-day exploits

We keep calling every new zero-day exploit a “wake up call,” but all we have been doing is collectively hitting the snooze button.

FTC warns of legal action against organizations that fail to patch Log4j flaw

The agency warned that the Log4Shell zero-day vulnerability poses a "severe risk" to millions of U.S. consumers.

Apple iCloud, Twitter and Minecraft vulnerable to ‘ubiquitous’ zero-day exploit

A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit...

Is the UK government’s new IoT cybersecurity bill fit for purpose?

Security experts find flaws in the U.K. government's bill to secure IoT devices.

F12 isn’t hacking: Missouri governor threatens to prosecute local journalist for finding exposed state data

A journalist faces charges for viewing a website's source code.

A popular smart home security system can be remotely disarmed, researchers say

Fortress has not said if it has fixed or plans to fix the vulnerabilities.

Echelon exposed riders’ account data, thanks to a leaky API

The bugs allowed virtually anyone to access other users' private information.

Peloton’s leaky API let anyone grab riders’ private account data

But the company won't say if it has evidence of malicious exploitation.

Vulcan Cyber raises $21M Series B for its vulnerability remediation platform

Tel Aviv-based cyber security startup Vulcan Cyber has raised a $21 million Series B funding round led by Dawn Capital.

America’s small businesses face the brunt of China’s Exchange server hacks

Schools and local governments are among the victims running vulnerable email servers.

Microsoft says China-backed hackers are exploiting Exchange zero-days

The newly-disclosed threat actor operates out of China, but uses servers located in the U.S. to launch its attacks.

A bug in a medical startup’s website put thousands of COVID-19 test results at risk

A customer who had a COVID-19 test found the website vulnerability that allowed access to other people's personal information.

True ‘shift left and extend right’ security requires empowered developers

DevOps is fundamentally about collaboration and agility. Unfortunately, when we add security and compliance to the picture, the message gets...

Microsoft confirms it’s buying cybersecurity startup RiskIQ

RiskIQ was founded in 2009, and has raised $83 million in funding to date.

Security flaws found in Samsung’s stock mobile apps

The bugs are now fixed.
