ESET researchers provide a comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of ...

A severe security flaw, CVE-2024-3078, has been discovered in the Windows Wi-Fi driver. This vulnerability allows remote code execution at the kernel level without needing user interaction or ...

Update, Dec. 12, 2024: This story, originally published Dec. 11, now includes further information from security experts regarding another critical vulnerability within the latest Windows security ...

Zero-day vulnerabilities saw big growth once again in 2024. With no patch available, zero-day flaws give attackers a significant jump on cybersecurity defense teams, making them a critical weapon for ...

Microsoft has released its August 2025 Patch package, a cumulative set of updates addressing more than 100 vulnerabilities across a host of its products. Microsoft’s SharePoint Server Remote Code ...

ESET researchers discovered a previously unknown vulnerability, CVE-2024-9680, in Mozilla products, exploited in the wild by the Russia-aligned APT group RomCom. Further analysis revealed another zero ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Updated November 14 with details of further Microsoft Windows ...

A threat actor is exploiting a zero-day elevation of privileges vulnerability in the Windows Common Log File System to deploy ransomware, one of a number of critical holes Microsoft plugged today as ...

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. Tracked as CVE-2025-20128, the vulnerability is caused by a ...

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root ...