CISA says it is time for the CVE Program to focus on improving trust, responsiveness, and the caliber of vulnerability data.
The post CISA: CVE Program to Focus on Vulnerability Data Quality appeared first on SecurityWeek.
VMScape: Academics Break Cloud Isolation With New Spectre Attack
Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory.
The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek.
Samsung patches actively exploited zero-day reported by WhatsApp
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. […]
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm
KioSoft was notified about a serious NFC card vulnerability in 2023 and only recently claimed to have released a patch.
The post Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm appeared first on SecurityWeek.
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with.
As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid
As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.
The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users’ computers with their privileges.
“
The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users’ computers with their privileges.
“
Microsoft investigates Exchange Online outage in North America
Microsoft is working to resolve an ongoing Exchange Online outage affecting customers throughout North America, blocking their access to emails. […]
U.S. Senator accuses Microsoft of “gross cybersecurity negligence”
U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. […]
Apple warns customers targeted in recent spyware attacks
Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). […]
Panama Ministry of Economy discloses breach claimed by INC ransomware
Panama’s Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack.. […]