Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk
The maintainers of the cURL data transfer project on Wednesday rolled out patches for a severe memory corruption vulnerability that exposes millions of enterprise OSes,…
Category: SecurityWeek
Payment Card Data Stolen in Air Europa Hack
Air Europa, one of Spain’s largest airlines, is urging some customers to cancel their payment cards after the information may have been compromised as a…
Citrix Patches Critical NetScaler ADC, Gateway Vulnerability
Citrix on Tuesday announced patches for a critical-several vulnerability impacting multiple versions of NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. Tracked as CVE-2023-4966 (CVSS…
US Government Releases Security Guidance for Open Source Software in OT, ICS
Several US government agencies have teamed up to create new cybersecurity guidance for the use of open source software (OSS) in operational technology (OT). Designed…
Applying AI to API Security
It is hard to go anywhere in the security profession these days without the topic of artificial intelligence (AI) coming up. Indeed, AI is a popular…
Chrome 118 Patches 20 Vulnerabilities
Google on Tuesday announced the release of Chrome 118 to the stable channel with fixes for 20 vulnerabilities, including 14 reported by external researchers. The…
Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks
Major tech companies and other organizations have rushed to respond to the newly disclosed HTTP/2 zero-day vulnerability that has been exploited to launch the largest…
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
The US cybersecurity agency CISA on Tuesday announced that it has added five more security defects to its Known Exploited Vulnerabilities catalog, warning organizations of…
ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws
Siemens and Schneider Electric’s Patch Tuesday advisories for October 2023 address more than 40 vulnerabilities affecting their products. Siemens Siemens has published a dozen new…
Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks
Researchers at Microsoft say a known nation-state threat actor is behind the zero-day exploits hitting Atlassian’s Confluence Data Center and Server products. A note from…
Beyond the Front Lines: How the Israel-Hamas War Impacts the Cybersecurity Industry
While the mainstream media is covering the tragic and heartbreaking events of the war in Israel in detail, SecurityWeek wanted to look at a specific…
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
Microsoft’s security response team on Tuesday pushed out a massive batch of software and OS updates to cover more than 100 vulnerabilities across the Windows…