CISA added four actively exploited vulnerabilities to its KEV catalog, urging U.S. federal agencies to apply fixes by ...

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...

CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks.

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks ...

The WinRAR vulnerability tracked as CVE-2025-8088 was discovered and patched in July 2025, but the popular file archiver continues to suffer from its fallout. According to ...

With vulnerability exploitation nearly doubling and critical weaknesses continuing to rise, it's clear that threat actors are accelerating their efforts while software ecosystems grow more complex.

German software company SAP has finally disclosed and fixed a highly critical vulnerability in the NetWeaver Visual Composer development server after evidence of exploitation in the wild. NetWeaver ...

BURLINGTON, Mass., Nov. 12, 2024 /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck") today announced the publication of the "2024 Software Vulnerability Snapshot" report highlighting various ...

The vulnerabilities disclosed in this release span multiple components of OpenSSL and affect a wide range of supported ...

Software vulnerability management has emerged as a cornerstone of modern cybersecurity, combining technical strategies for identifying and patching vulnerabilities with sophisticated economic models ...

For a software vendor, telling the world about the latest security vulnerability is always a delicate balancing act. Customers need information quickly, starting with the flaw’s severity rating and ...