Cybersecurity, Check Point, News
Check Point vulnerability far worse than thought – exploited in wild since April
106,000 customers publicly exposed, initial searches suggest.
The Stack, May 30, 2024

Cybersecurity, NIST, NVD, CISO, News
Turf wars? NIST to fix NVD backlog by September – insists it’s right agency to run vulnerability database
Update comes after CISA started enriching CVEs itself…
Edward Targett, May 30, 2024

Cybersecurity, vmware, News
Root, but no response: 6 pre-auth RCEs in VMware ignored
"Six exploits, no configuration needed, no ports need to get opened; just straight-up RCEs, no fuss, no muss."
Edward Targett, May 22, 2024

Ivanti, Cybersecurity, News
Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing
"Code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication..."
Edward Targett, May 02, 2024

NVD, Cybersecurity, CISO, News
As NVD flatlines, cybersecurity professionals call for urgent action
Consortium plans “doomed” as rumours swirl over vulnerability database program borkage.
Edward Targett, April 18, 2024

VPN, Firewall, Palo Alto Networks, Cybersecurity
PAN-OS vuln mitigation howler: “Disabling telemetry” no help
POCs for CVSS 10 bug are out of the bag, tens of thousands are exposed, and telemetry mitigation didn't work.
The Stack, April 17, 2024

VPN, Palo Alto Networks, News
Palo Alto Networks: CVSS 10 bug in Pan-OS is being exploited in the wild
Patch? You'll need to wait until Sunday. Turn off telemetry (no, really; it's a mitigation!) and go to the pub. OK, maybe don't.
The Stack, April 12, 2024

xz-utils, linux, backdoor, News
xz-utils Github repository disabled as Linux maintainers assess blast radius of backdoor, earlier commits
Incident suggests a state actor exploiting overstretched maintainer of an "unpaid hobby project"
Edward Targett, March 30, 2024