Bleeping Computer

Apache fixes actively exploited zero-day vulnerability, patch now

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The ...
Wired

The Long Path out of the Vulnerability Disclosure Dark Ages

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake—which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from ...
World Bank

Vulnerability Disclosure Program

Vulnerability Disclosure and Reporting Guidelines The World Bank Group encourages the public to assist and support the World Bank Group in its continuous efforts to improve the protection and security ...
CSOonline

FireEye investigating recent vulnerability disclosures

FireEye has released a set of FireEye Operating System (FEOS) updates for their NX, EX, AX, FX, and CM product lines. The patches address a number of vulnerabilities, which if exploited could allow an ...
CSOonline

Lacework adds vulnerability risk management to its flagship offering

Cloud security provider Lacework has added a new vulnerability risk management capability to its cloud-native application protection (CNAPP) offering. The SaaS capability will combine active package ...
Bleeping Computer

Fortinet FortiWeb flaw with public PoC exploited to create admin users

A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication. The issue is fixed in FortiWeb ...