vulnerability disclosure Archives

Researchers raise alarm about critical Next.js vulnerability

The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.

16 hours ago By Matt Kapko

Rep. Nancy Mace, R-S.C., speaks during a hearing with the House Oversight and Accountability committee in the Rayburn House Office Building on April 11, 2024 in Washington, D.C. (Photo by Anna Moneymaker/Getty Images)

House passes bill requiring federal contractors to have vulnerability disclosure policies

The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says.

Mar 4, 2025 By Matt Bracken

Rep. Nancy Mace, R-S.C., listens as FEMA Administrator Deanne Criswell testifies during a House Oversight Committee Hearing at the Rayburn House Office Building on Nov. 19, 2024 in Washington, D.C. (Photo by Kevin Dietsch/Getty Images)

Bill requiring federal contractors to have vulnerability disclosure policies gets House redo

Reps. Nancy Mace and Shontel Brown reintroduced VDP legislation after the 2024 bipartisan, bicameral bill didn’t get a full Senate vote.

Jan 31, 2025 By Matt Bracken

Sen. Mark Warner, D-Va., speaks during a press conference in Washington, D.C., on March 20, 2018. From left, Sens. John Cornyn, James Lankford, Susan Collins and Richard Burr listen. (NICHOLAS KAMM/AFP via Getty Images)

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.

Nov 20, 2024 By Matt Bracken

Screen of smartphone with icons. (Getty Images)

Android warns of Qualcomm exploit in latest security bulletin

The November security bulletin includes two CVE's reportedly exploited in the wild.

Nov 4, 2024 By Christian Vasquez

Close-up server detail with KVM switches. (Getty Images)

Printer bug sends researchers into uproar, affects major Linux distros

The vulns would allow attackers to run any commands on targeted computers without user knowledge. But it would take a lot of work to get to that…

Sep 26, 2024 By Christian Vasquez

Oil pipeline with valves in large oil refinery. (Getty Images)

Automatic tank gauge vendors alerted of software vulnerabilities in their products

If exploited, the vulnerabilities could give hackers full administrative access to critical networks found in the management systems for large fuel storage.

Sep 24, 2024 By Christian Vasquez

Microsoft Romania headquarters in City Gate Towers situated in Free Press Square, in Bucharest, Romania. (Getty Images)

Here’s what Microsoft fixed in September’s Patch Tuesday

The tech giant's regular vulnerability list includes new vulnerabilities for Windows Updater and Installer.

Sep 10, 2024 By Christian Vasquez

Vulnerability disclosure policies eyed for federal contractors in Senate bill

The legislation from Sens. Warner and Lankford would require federal contractors to adhere to NIST’s guidelines on VDPs.

Aug 13, 2024 By Matt Bracken

Aisle with messy cables in a server room. (Getty Images)

Six-year old bug will likely live forever in Lenovo, Intel products

A report from Binarly finds that a silently patched bug in a popular web server will likely live on in several major end-of-life products.

Apr 11, 2024 By Christian Vasquez