Bleeping Computer

Apache fixes actively exploited zero-day vulnerability, patch now

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The ...
Wired

The Long Path out of the Vulnerability Disclosure Dark Ages

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake—which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from ...
FedScoop

DHS conducting market research for cloud-based vulnerability disclosure platform

The Department of Homeland Security is interested in acquiring a platform that third parties can use to report vulnerabilities in government systems. DHS’s Cybersecurity and Infrastructure Security ...
Bleeping Computer

Details emerge on WinRAR zero-day attacks that infected PCs with malware

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop ...
VentureBeat

Deepfence brings ‘attack path’ visualizations to ThreatMapper vulnerability platform

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Let the OSS Enterprise newsletter guide your open source journey! Sign up ...
CSOonline

FireEye investigating recent vulnerability disclosures

FireEye has released a set of FireEye Operating System (FEOS) updates for their NX, EX, AX, FX, and CM product lines. The patches address a number of vulnerabilities, which if exploited could allow an ...