MongoDB warns of a critical security vulnerability affecting recent versions. Admins should patch immediately.

Cisco is warning customers of a security vulnerability impacting its Adaptive Security Appliance (ASA) that is actively being exploited by threat actors. The bug, tracked as CVE-2014-2120 and a decade ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

Google updated the Chrome web browser overnight on Thursday. The update closes an attacked security vulnerability.

Public-facing instances of ProjectSend, an open-source file-sharing web application, have been exploited by attackers, according to vulnerability intelligence provider VulnCheck. ProjectSend was ...

Surge in vulnerabilities and exploits leaving overloaded security teams with little recourse but to embrace risk-based approaches to patching what they can. Enterprise attack surfaces continue to ...

In a new proof-of-concept, endpoint security provider Morphisec showed that the Exploit Prediction Scoring System (EPSS), one of the most widely used frameworks for assessing vulnerability exploits, ...

For a software vendor, telling the world about the latest security vulnerability is always a delicate balancing act. Customers need information quickly, starting with the flaw’s severity rating and ...

ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...