IBM disclosed a critical CVSS 9.8 authentication bypass in IBM API Connect that could allow remote access; patches are now ...

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could ...

A new report out today from Barracuda Networks Inc. has detailed how phishing attacks grew more sophisticated and harder to detect in 2025 thanks to the rapid evolution of phishing-as-a-service kits ...

Update, Dec. 03, 2024: This story, originally published Dec. 02, now updated to reflect the 2FA-bypass security threat beyond Black Friday and Cyber Monday. The busiest period of online shopping, ...

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. Hackers have started to exploit the ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, Dec. 25, 2024: This story, originally published Dec.

Companies relying on Microsoft BitLocker to encrypt the drives of their employees’ computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows ...

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials. Netgear has patched three ...

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems. VMware has fixed an uber-severe bug in its ...

A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild, according to the US Cybersecurity and Infrastructure ...