vulnerabilities Archives

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

22 hours ago By Matt Kapko

Oracle zero-day defect amplifies panic over Clop’s data theft attack spree

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

4 days ago By Matt Kapko

Safe Mode

Andesite’s Brian Carbaugh on how lessons from the CIA can power an AI-powered SOC

Brian Carbaugh, CEO of Andesite

Oct 2, 2025 By CyberScoop Staff

The Cisco Systems logo is displayed at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. (GABRIEL BOUYS / AFP)

CISA says it observed nearly year-old activity tied to Cisco zero-day attacks

The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.

Sep 25, 2025 By Matt Kapko

A sign is seen at Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder/Getty Images)

Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited

The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher.

Sep 9, 2025 By Matt Kapko

From left, Tanium’s Sam Kinch, GDIT’s Matt Hayden, the Commerce Department’s Ryan Higgins, and CISA’s Chris Butera take part in a panel discussion at a GDIT event on Sept. 4, 2025 in Washington, D.C. (Scoop News Group photo)

AI can help track an ever-growing body of vulnerabilities, CISA official says

Artificial intelligence was a recurring theme among federal leaders who spoke at a GDIT event held Thursday.

Sep 4, 2025 By Tim Starks

The Apple Inc logo is displayed outside a retail store at the Third Street Promenade in Santa Monica, California on March 20, 2023. (Photo by PATRICK T. FALLON/AFP via Getty Images)

Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS

The defect, which affects the company’s most popular devices, has been exploited in an “extremely sophisticated attack against specific targeted individuals,” Apple said.

Aug 21, 2025 By Matt Kapko

Cisco discloses maximum-severity defect in firewall software

The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands.

Aug 15, 2025 By Matt Kapko

Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images)

Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…

Aug 13, 2025 By Matt Kapko

A corporate logo for Microsoft hangs above the door to its office building on 8th Avenue on June 24, 2025, in New York City. (Photo by Gary Hershorn/Getty Images)

Microsoft Patch Tuesday follows SharePoint attacks, Exchange server warnings

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.

Aug 12, 2025 By Matt Kapko