Stay informed with the latest in Information Security Report. Insightful analysis, trends, and updates on cybersecurity threats and defenses.
Search across headline titles and summaries.
Background for this topic.
Report is a documented account or statement describing in detail an event, situation, or the like, usually as the result of observation, inquiry, or analysis. Within the context of information security, a report often encompasses the findings from security audits, incident responses, or compliance assessments. These reports are critical for organizations as they help identify vulnerabilities, track security incidents, and measure the effectiveness of security measures.
Reports in cyber security serve as a form of communication between IT teams, management, and sometimes external stakeholders, such as customers or regulatory bodies. They may include recommendations for improving security postures, summaries of data breaches, analysis of cyber threats, and progress updates on ongoing security projects. The documentation provided by these reports is essential for informed decision-making and strategic planning in cybersecurity governance.
Weekly headline count for the current query.
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG)
Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. [...]
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week
Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
A new Fortinet FortiManager flaw dubbed "FortiJump" and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant. [...]
No less than 330000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild
This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.