Having been at ActiveState for nearly eight years, I've seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and ...
Claroty's research also found that it's easy to break MQTT authentication by simply knowing the device's serial number ...
Apache Traffic Control 8.0.2 fixes CVE-2024-45387, a critical 9.9 CVSS SQL injection flaw targeting privileged users.
The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware ...
PyPI packages "Zebo" and "Cometlogger" downloaded 280+ times, exfiltrate data with obfuscation and anti-detection.
Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.
CISA adds CVE-2021-44207 to KEV catalog for active exploitation risk. Agencies must patch by Jan 13, 2025, to mitigate remote ...
Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) ...
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration ...
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ...
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's ...
Apache releases a security update for CVE-2024-56337, addressing RCE risks in Tomcat servers with critical configuration ...