The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of ...
Then in October 2024, SolarWinds disclosed and tried to patch CVE-2024-28988, another 9.8-rated Web Help Desk Java deserialization RCE bug, which Trend Micro's Zero Day Initiative (ZDI) spotted while ...
A newly-uncovered RCE flaw in SolarWinds' helpdesk product bypasses two previously-issued fixes, and users should prioritise ...
Exploitation of the latest patch bypass vulnerability is “only a matter of time”, according to one security expert.
The Senate on Tuesday will hold a hearing investigating the SolarWinds hacks. SolarWinds is a massive IT company that contracted with the federal government. Its ubiquity let hackers get into at least ...
‘Third time’s the charm?’ asks a prominent security researcher after what appears to be the same critical Java deserialization ...
Excessive permissions amplify cyber risk. Breaches from Target to Microsoft reveal how overprivileged access transforms minor ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Google Mandiant tracks FIN11’s high-volume extortion emails exploiting Oracle E-Business Suite, possibly linked to Cl0p.
Salesloft breach shows how OAuth tokens abused by trusted apps enable data exposure, underscoring the need for Zero Trust and ...
Google, which disclosed the campaign, said it was one of the most significant supply-chain hacks in recent memory.