Security news that informs and inspires

All Articles

2042 articles:

Adobe Fixes Critical ColdFusion Flaw

Adobe has released a patch for a critical bug in ColdFusion (CVE-2023-38203) and warns that a proof-of-concept analysis is available for it.


Workers Come and Go: Offboarding Security Gaps Remain the Same

Onboarding and offboarding are operationally complex, time-consuming processes - and security frequently falls between the cracks.

Human Resources, Ciso

Decipher Podcast: Source Code 7/14

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Podcast, Source Code

Zimbra Warns of Zero Day in Collaboration Suite

The Zimbra Collaboration Suite version 8.8.15 has a cross-site scripting flaw that Google researchers say has been actively exploited.


White House Maps Out National Cybersecurity Strategy

The White House has dropped the long-awaited plan for executing its National Cybersecurity Strategy, which involves 65 initiatives and 18 government agencies.

Government, Critical Infrastructure

Rockwell Automation Warns of Critical Bug in ControlLogix Modules

Rockwell Automation discovered an exploit for its ControlLogix modules that was developed by an unnamed APT actor.


Microsoft: China-Based Hackers Accessed U.S. Government Emails

The threat group used forged authentication tokens - with an acquired Microsoft account consumer signing key - to access the email accounts of more than two dozen organizations.

Microsoft, China

Decipher Podcast: Jackie Burns Koven

Jackie Burns Koven, head of cyber threat intelligence at Chainalysis, talks about cryptocurrency-related cybercrime.

Podcast, Cryptocurrency

Microsoft Warns of Unpatched Office Zero Day

The Microsoft zero-day flaw (CVE-2023-36884) is being leveraged by a Russian-based cybercriminal group in phishing emails sent to defense and government entities in Europe and North America.

Microsoft, Zero Day

RedDriver Abuses Windows Driver Policy Loophole

An undocumented malicious driver called RedDriver uses an open-source tool to forge signature timestamps, as a way to bypass Microsoft’s Windows driver signature enforcement policies.

Windows, Microsoft

Former Contractor Charged in California Water Treatment Plant Hack

A California man allegedly gained unauthorized access to a water treatment plant network, “causing a threat to public health and safety,” according to the DoJ.

Critical Infrastructure, Critical Infrastructure Security

Apple Releases Fix For Actively Exploited WebKit Bug

The update for the flaw (CVE-2023-37450) is available for iOS 16.5.1, macOS Ventura 13.4.1 and iPadOS 16.5.1.

Apple, Zero Day

Decipher Podcast: Source Code 7/7

Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.

Source Code, Podcast

Patches for Three New MOVEit Transfer Bugs Released

Progress Software has released a service pack that addresses three new vulnerabilities in its MOVEit Transfer application.


CISA Warns of Spike in TrueBot Malware Attacks

CISA warned of an increase in TrueBot malware attacks that exploit a known remote code execution flaw in the Netwrix Auditor application.