#Vulnerabilities

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.

Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains.

Cybercriminals exploited bugs in the world's largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.

The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.

The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a "great" flaw that can be used for jailbreaks and local privilege escalation.

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.

Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.

The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.