A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. “The
Gladinet’s platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.
Managing permissions and authorizations across dozens or hundreds of cloud services and platforms poses significant headaches for companies. An open specification aims to change that.
An executive order is targeting former Trump appointees, including former CISA director Chris Krebs and his current coworkers, in the latest in a series of directives against those who dissented against the president and his associates.
Security experts weigh in on the problem Salt Typhoon and its hacking of telecoms poses against the United States, including what the US should do and how defenders can protect themselves.
Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering “patches” for locally installed programs.
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
Failing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight.