Salt Labs found that nearly every organization using Elastic Stack is affected by a new vulnerability, which makes users susceptible to injection attacks. Bad actors can use injection attacks to exfiltrate data and launch denial of service (DoS) events.  

Recently, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability — CVE-2021-22005 — in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.

Although the education sector’s breach exposure has remained relatively consistent this year, it’s taking longer to fix high severity vulnerabilities compared to other industries, according to NTT Application Security research team. 

A Python exploit gives access to more than 10,000 API (Application Programming Interface) keys via Wayback Machine, a project that archives the content of internet sites.

Threat actors have started to actively exploit critical Microsoft Azure vulnerabilities, just days after Microsoft disclosed them during September's Patch Tuesday.

State-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021

One out of every two on-premises databases globally has at least one vulnerability, finds a new study from Imperva Research Labs spanning 27,000 on-prem databases.

Google recently issued a critical security update for Chrome, patching up eleven security vulnerabilities, including two zero-day vulnerabilities that were exploited in the wild.

Apple has released an emergency software patch to plug a security hole Citizen Lab researchers discovered affecting all its operating systems, exploited to infect the iPhone of a Saudi activist with NSO Group’s Pegasus spyware.

A critical security vulnerability has been disclosed in HAProxy that could result in unauthorized access to sensitive data and execution of arbitrary commands.