Vulnerabilities

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution

2025-03-13 at 13:49, by Matias Madou

Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM.

How Managed Database Security Enhances Compliance, Privacy, and Threat Defense for the Financial Services Sector

2025-03-12 at 20:17

Proactive Threat Defense for Financial Institutions: Trustwave’s DbProtect actively identifies sensitive data locations and analyzes potential threat vectors, enabling immediate security measures like enhanced access controls and vulnerability prioritization. Advanced Offensive Security Measures: Trustwave’s offensive security

Resurgence of a Fake Captcha Malware Campaign

2025-03-12 at 19:06, by Reegun Jayapaul

During an Advanced Continual Threat Hunt (ACTH) investigation in early February 2025, Trustwave SpiderLabs discovered a resurgence of fake CAPTCHA verifications designed to deceive victims into executing malicious PowerShell scripts. This campaign employs a multi-stage PowerShell execution process, ultimately delivering infostealers such as Lumma and

Zoom Patches 4 High-Severity Vulnerabilities

2025-03-12 at 17:04, by Eduard Kovacs

Zoom has patched five vulnerabilities in its applications, including four high-severity flaws. The post appeared first on SecurityWeek.

Fortinet Patches 18 Vulnerabilities 

2025-03-12 at 14:52, by Eduard Kovacs

Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products. The post appeared first on SecurityWeek.

Newly Patched Windows Zero-Day Exploited for Two Years

2025-03-12 at 14:18, by Ionut Arghire

Microsoft on Tuesday patched a zero-day vulnerability in the Windows Win32 kernel that has been exploited since March 2023. The post appeared first on SecurityWeek.

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw

2025-03-11 at 21:16, by Ryan Naraine

Apple warns that the WebKit bug “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” The post appeared first on SecurityWeek.

Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days 

2025-03-11 at 21:03, by Ryan Naraine

Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild. The post appeared first on SecurityWeek.

Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader

2025-03-11 at 19:47, by Ryan Naraine

Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post appeared first on SecurityWeek.

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver

2025-03-11 at 15:00, by Ionut Arghire

SAP released 21 new security notes and updated three security notes on March 2025 security patch day. The post appeared first on SecurityWeek.

CISA Warns of Ivanti EPM Vulnerability Exploitation

2025-03-11 at 13:45, by Ionut Arghire

CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post appeared first on SecurityWeek.

Google Paid Out $12 Million via Bug Bounty Programs in 2024

2025-03-10 at 14:18, by Ionut Arghire

In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs. The post appeared first on SecurityWeek.

In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report

2025-03-07 at 19:02, by SecurityWeek News

Noteworthy stories that might have slipped under the radar: Google discloses AMD CPU flaw named EntrySign, ISPs in the US and China targeted in massive attack, ENISA report on NIS2 Directive.

Russian State Actors: Development in Group Attributions

2025-03-07 at 16:33, by Pawel Knapczyk and Nikita Kazymirskyi

This is the final installment of Trustwave SpiderLabs Russia-Ukraine digital battlefield series, which has spanned topics including the differences between Russia and Ukraine cyber actors, how government entities, defense organizations, and human targets were caught in the cyber crossfire,

A Deep Dive into Strela Stealer and how it Targets European Countries

2025-03-07 at 00:01, by Dawid Nesterowicz

Infostealers have dominated the malware landscape due to the ease of threat operations maintenance, and a wide group of potential victims. In this blog, we take a closer look at a unique infostealer designed to precisely target

Defending Manufacturing: How Cybercriminals Are Targeting the Industry and How to Respond

2025-03-06 at 19:34

Cyber Threats in Manufacturing: The 2025 Trustwave Risk Radar Report highlights how cybercriminals exploit vulnerabilities in manufacturing infrastructure, workers, and digital supply chains, with over 3,500 critical vulnerabilities listed on CISA’s KEV list. Top Manufacturing Cyber Risks: Attackers leverage high-profile exploits

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

2025-03-06 at 12:03, by Eduard Kovacs

Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.

The Russia-Ukraine Cyber War Part 3: Attacks on Telecom and Critical Infrastructure

2025-03-05 at 16:08, by Pawel Knapczyk and Nikita Kazymirskyi

This post is the third part of our blog series that tackles the Russia-Ukraine war in the digital realm. This article is an excerpt from SpiderLabs Blog.

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

2025-03-05 at 13:15, by Ionut Arghire

Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post appeared first on SecurityWeek.

Vulnerabilities Patched in Qualcomm, Mediatek Chipsets

2025-03-04 at 14:54, by Ionut Arghire

Chip makers Qualcomm and Mediatek have released patches for many vulnerabilities across their products. The post appeared first on SecurityWeek.
