The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic targeting the vendor's SSL VPNs.
Whispers of XZ Utils Backdoor Live on in Old Docker Images
Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.
Popular AI Systems Still a Work-in-Progress for Security
According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models.
Patch Now: Attackers Target OT Networks via Critical RCE Flaw
Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.
What the LockBit 4.0 Leak Reveals About RaaS Groups
The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.
How an AI-Based 'Pen Tester' Became a Top Bug Hunter on HackerOne
An AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US leaderboard.