Threats and vulnerabilities

Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.

Top Stories

News 09 Jan 2025
Mandiant links Ivanti zero-day exploitation to Chinese hackers

Mandiant warned users to be prepared for widespread exploitation of CVE-2025-0282 as Ivanti products have become a popular target for attackers in recent years. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Jan 2025
December ransomware attacks slam healthcare, public services

In December, one victim organization paid a $1.5 million ransom to restore services, while another continued to experience disruptions for more than one month following an attack. Continue Reading
By
- Arielle Waldman, News Writer

Tip 17 Jan 2008
Ten hacker tricks to exploit SQL Server systems

SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 30 May 2007
How secure are document scanners and other 'scan to email' appliances?

Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices. Continue Reading
By
- Michael Cobb
Answer 02 May 2007
How can header information track down an email spoofer?

Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from. Continue Reading
By
- Michael Cobb
Answer 09 Apr 2007
How can attackers exploit RSS software flaws?

RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and distribute malicious code. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Feature 26 Jan 2007

Balancing the cost and benefits of countermeasures

The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading
Feature 26 Jan 2007

Network-based attacks

The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading
Feature 12 May 2005

E-mail policies -- A defense against phishing attacks

In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks. Continue Reading