Vulnerabilities

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 1

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 1 2025-03-19 at 21:19 By Karl Biron Picture this: an always-awake, never-tired, high-speed librarian that instantly finds the exact information you need from a massive collection of books. This extraordinary librarian is also capable of processing millions of requests simultaneously, understands […]

8,000 New WordPress Vulnerabilities Reported in 2024

8,000 New WordPress Vulnerabilities Reported in 2024 2025-03-17 at 18:14 By Ionut Arghire Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services

Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services 2025-03-17 at 13:16 By Eduard Kovacs Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.  The post Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

FreeType Zero-Day Being Exploited in the Wild

FreeType Zero-Day Being Exploited in the Wild 2025-03-13 at 19:24 By Ryan Naraine Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.  The post FreeType Zero-Day Being Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Challenges for Australian Manufacturers: Insights from the 2025 Trustwave Risk Radar Report

Challenges for Australian Manufacturers: Insights from the 2025 Trustwave Risk Radar Report 2025-03-13 at 17:48 By The Trustwave SpiderLabs research 2025 Trustwave Risk Radar Report: Manufacturing Sector takes a global view of the cybersecurity issues facing this vertical, but it’s also important to examine how and if different regions are specifically impacted. This article is an excerpt

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution 2025-03-13 at 13:49 By Matias Madou Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. The post Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution appeared first on

How Managed Database Security Enhances Compliance, Privacy, and Threat Defense for the Financial Services Sector

How Managed Database Security Enhances Compliance, Privacy, and Threat Defense for the Financial Services Sector 2025-03-12 at 20:17 By Proactive Threat Defense for Financial Institutions: Trustwave’s DbProtect actively identifies sensitive data locations and analyzes potential threat vectors, enabling immediate security measures like enhanced access controls and vulnerability prioritization. Advanced Offensive Security Measures: Trustwave’s offensive security

Resurgence of a Fake Captcha Malware Campaign

Resurgence of a Fake Captcha Malware Campaign 2025-03-12 at 19:06 By Reegun Jayapaul During an Advanced Continual Threat Hunt (ACTH) investigation in early February 2025, Trustwave SpiderLabs discovered a resurgence of fake CAPTCHA verifications designed to deceive victims into executing malicious PowerShell scripts. This campaign employs a multi-stage PowerShell execution process, ultimately delivering infostealers such as Lumma and

Newly Patched Windows Zero-Day Exploited for Two Years

Newly Patched Windows Zero-Day Exploited for Two Years 2025-03-12 at 14:18 By Ionut Arghire Microsoft on Tuesday patched a zero-day vulnerability in the Windows Win32 kernel that has been exploited since March 2023. The post Newly Patched Windows Zero-Day Exploited for Two Years appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw 2025-03-11 at 21:16 By Ryan Naraine Apple warns that the WebKit bug “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” The post Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw appeared first on SecurityWeek. This article is an excerpt from

Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days 

Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days  2025-03-11 at 21:03 By Ryan Naraine Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild. The post Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days  appeared first on SecurityWeek. This article is an

Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader

Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader 2025-03-11 at 19:47 By Ryan Naraine Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader appeared first on SecurityWeek. This article is an excerpt

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver 2025-03-11 at 15:00 By Ionut Arghire SAP released 21 new security notes and updated three security notes on March 2025 security patch day. The post SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Warns of Ivanti EPM Vulnerability Exploitation

CISA Warns of Ivanti EPM Vulnerability Exploitation 2025-03-11 at 13:45 By Ionut Arghire CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Paid Out $12 Million via Bug Bounty Programs in 2024

Google Paid Out $12 Million via Bug Bounty Programs in 2024 2025-03-10 at 14:18 By Ionut Arghire In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs. The post Google Paid Out $12 Million via Bug Bounty Programs in 2024 appeared first on SecurityWeek. This article is an

In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report

In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report 2025-03-07 at 19:02 By SecurityWeek News Noteworthy stories that might have slipped under the radar: Google discloses AMD CPU flaw named EntrySign, ISPs in the US and China targeted in massive attack, ENISA report on NIS2 Directive. The post In Other News: EntrySign

Russian State Actors: Development in Group Attributions

Russian State Actors: Development in Group Attributions 2025-03-07 at 16:33 By Pawel Knapczyk and Nikita Kazymirskyi This is the final installment of Trustwave SpiderLabs Russia-Ukraine digital battlefield series, which has spanned topics including the differences between Russia and Ukraine cyber actors, how government entities, defense organizations, and human targets were caught in the cyber crossfire,
