CVEs Archives - The Stack

Photo of 22,600+ emails = 599 vulnerabilities. Security disclosure triage is HARD

The Stack February 2, 2023

0 551

22,600+ emails = 599 vulnerabilities. Security disclosure triage is HARD

Security researchers regularly chafe at the deafening silence when they report a critical vulnerability in software: White Hats simply wanting…

Cybersecurity

Photo of Critical controller bug could trigger traffic chaos: Software vendor ignores CISA outreach

Ed Targett January 27, 2023

0 2,563

Critical controller bug could trigger traffic chaos: Software vendor ignores CISA outreach

One of 14 new advisories on vulnerable ICS software...

Cybersecurity

Photo of Gird your loins: Patch Tuesday’s back

The Stack January 10, 2023

0 465

Gird your loins: Patch Tuesday’s back

It’s that time of the month again: Microsoft has pushed out 98 security patches for January’s Patch Tuesday: 11 are…

Featured

Photo of We analysed 90,000+ software vulnerabilities: Here’s what we learned

Ed Targett January 9, 2023

0 3,120

We analysed 90,000+ software vulnerabilities: Here’s what we learned

Can you guess the product with the most CVEs in 2022?

Cybersecurity

Photo of Will this CVSS 10 Linux Kernel vuln ruin your holiday?

Ed Targett December 22, 2022

0 12,621

Will this CVSS 10 Linux Kernel vuln ruin your holiday?

We're hopeful that Betteridge's law applies...

Featured

Photo of Hey hackers! Grab some hardcoded Siemens crypto keys and go wild*

The Stack October 11, 2022

0 997

Hey hackers! Grab some hardcoded Siemens crypto keys and go wild*

Per RATM: "Action must be taken. We don't need the key we'll break in"

Cybersecurity

Photo of Critical pre-auth RCE Fortinet vulnerability is a breeze to exploit

The Stack October 10, 2022

0 2,062

Critical pre-auth RCE Fortinet vulnerability is a breeze to exploit

A vulnerability in multiple Fortinet products gives an unauthenticated remote attackers root access to its core product’s administrative interface –…

Cybersecurity

Photo of Two unpatched Microsoft Exchange Server zero days are under attack.

The Stack September 30, 2022

0 891

Two unpatched Microsoft Exchange Server zero days are under attack.

Exploited for a month. No detection in Sentinel, no patch yet. Mitigate urgently.

Cybersecurity

Photo of Second critical Sophos Firewall bug exploited in wild

The Stack September 24, 2022

0 842

Second critical Sophos Firewall bug exploited in wild

CVSS 9.8 vulnerability added to CISA "known exploited" catalogue

Featured

Photo of Microsoft Exchange alternative Zimbra is getting widely exploited, 1000s hit

The Stack August 16, 2022

0 4,241

Microsoft Exchange alternative Zimbra is getting widely exploited, 1000s hit

Assume compromise...

CVEs

22,600+ emails = 599 vulnerabilities. Security disclosure triage is HARD

Critical controller bug could trigger traffic chaos: Software vendor ignores CISA outreach

Gird your loins: Patch Tuesday’s back

We analysed 90,000+ software vulnerabilities: Here’s what we learned

Will this CVSS 10 Linux Kernel vuln ruin your holiday?

Hey hackers! Grab some hardcoded Siemens crypto keys and go wild*

Critical pre-auth RCE Fortinet vulnerability is a breeze to exploit

Two unpatched Microsoft Exchange Server zero days are under attack.

Second critical Sophos Firewall bug exploited in wild

Microsoft Exchange alternative Zimbra is getting widely exploited, 1000s hit

techUK President Sheila Flavell’s commitment to diversity was born on tough patrols…

Design-Build-Ship: From code to sneakers to shelves