Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows ...
Computer Weekly

Sonatype CEO on self-service: The vulnerability data gap undermining AI-driven development

Increasingly, self-service tools and internal developer platforms (IDPs) are configured to make critical decisions, but ...
SecurityWeek

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks

Motherboards from several major vendors are affected by a vulnerability that can allow a threat actor to conduct early-boot attacks.

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could ...
Computer Weekly

Briefs: Vulnerabilities found in Trend Micro, Firefox browser

Tokyo-based antivirus vendor Trend Micro has issued a patch for a vulnerability in its antivirus scanning products, which could crash a user's system or allow remote execution of arbitrary code. The ...
Dark Reading

The Critical Failure in Vulnerability Management

Business has slowed considerably in the vulnerability management market segment, yet there are more vulnerabilities to contend with than ever before. When security mainstays experience the same harsh ...
CSOonline

Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

NetWeaver AS Java hole, rated severity 10, allows an unauthenticated attacker to execute arbitrary OS commands, and NTLM bug is rated likely for exploitation, warn security vendors. CISOs with SAP ...