ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution
Threat actors could exploit the flaw to take complete control of the ConnectWise platform
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
Threat actors could exploit the flaw to take complete control of the ConnectWise platform
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker
Flaws in the open-source tool exploited – and India's power grid was a target Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology.…
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa
As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application.
Datadog security researchers found the flaw before miscreants did Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. …