The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands.

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.

Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.

Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

The 21 signatories support a number of steps, such as banning vendors who behave illegally, in a document agreed to last week in Paris.

The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.

The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says.

Reps. Nancy Mace and Shontel Brown reintroduced VDP legislation after the 2024 bipartisan, bicameral bill didn’t get a full Senate vote.