Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity – CVE-2025-24446 (CVSS score: 9.1) – An improper input […]
A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries. Author: Jai Vijayan, Contributing Writer
Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI’s ability to supercharge attacks. Author: Kristina Beek, Associate Editor, Dark Reading
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. “An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker […]
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges, […]
Neither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist’s device in an attempt to install spyware. Author: Kristina Beek, Associate Editor, Dark Reading
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a Go to […]
The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. Author: Elizabeth Montalbano, Contributing Writer
Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? Security experts Chris Wysopal and Jason Healey say things are improving for the better. Author: Arielle Waldman
Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation. Author: Jeffrey Schwartz
