New Whitepaper: Exploiting Cellular-based IoT Devices
Rapid7 has released a whitepaper titled “The Weaponization of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7...
Vulnerability Disclosure
20 articles
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory
The Rise of Managed Risk Operations: How the New Qualys mROC Portal Helps Partners Scale the Risk Operations Center
Key Takeaways For years, vulnerability management meant scanning, prioritizing by CVSS score, and handing a spreadsheet to IT. Attack surfaces now span cloud...
Schneider Electric EcoStruxure Foxboro DCS
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and servers. Con...
ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit ...
Meet Agent Val: Closing the Validation Gap in Exposure Management at Machine Speed with Agentic AI
Executive Summary The primary challenge in vulnerability management is proving what is actually exploitable. Many vulnerabilities are not exploited, but stil...
The Broken Physics of Remediation
The race most security programs are built around — patch faster than the attacker can exploit — was designed for a threat landscape that no longer exists. Th...
Microsoft Xbox One Hacked
It’s an impressive feat, over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do ...
Metasploit Wrap-Up 03/20/2026
♫ I Just Called ♫ To Say ♫ 7f45 4c46 0201 0100 0000 0000 0000 0000 0300 3e00 0100♫ This release contains 2 new exploit modules, 2 enhancements, and 7 bug fix...
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware c...
Negotiating with the Board: Translating Active Risk into Financial Exposure
Security leaders rarely struggle to produce data. The challenge is turning that data into something the board can use to make decisions.
Hackers Exploit Critical Langflow Bug in Just 20 Hours
Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve co...
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful e...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 9, 2026 to March 15, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
View CSAF Summary Successful exploitation of this vulnerability may risk a Cross-site Scripting or an open redirect attack which could result in an account t...
Schneider Electric EcoStruxure PME and EPO
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) produ...
Schneider Electric Modicon M241, M251, and M262
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. The following ...
Mitsubishi Electric CNC Series
View CSAF Summary Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of-servic...
Schneider Electric EcoStruxure Automation Expert
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ Automation Expert product. The EcoStruxure™ Automation Expert product is...