The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher.

The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.

The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands.

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.

Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.

Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

The 21 signatories support a number of steps, such as banning vendors who behave illegally, in a document agreed to last week in Paris.

The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.