Track CVEs, attack groups, malware, vendors and training in one place.
CybersecurityBoard.com brings together vulnerability intelligence, security news, MITRE ATT&CK group profiles, cyber events, certifications, training, products, companies and service providers.
A critical unauthenticated remote code execution vulnerability has been discovered in WordPress core, affecting versions 6.9.0 through 6.9.4 and 7.0.0 through 7.0.1. The flaw, dubbed 'wp2shell' by researcher Adam Kues of Assetnote (Searchlight Cyber's…
A critical vulnerability in WordPress core allows unauthenticated remote code execution through a REST API batch-route confusion and SQL injection issue. Affects…
Okta's Red Team has disclosed a denial-of-service vulnerability in OpenSSL, dubbed HollowByte, that allows an attacker to freeze server memory using 11-byte…
A low-severity vulnerability in OpenSSL's TLS 1.3 certificate compression feature allows a peer-supplied length to grow a heap buffer before validation, potentially…
A moderate-severity vulnerability in OpenSSL's QUIC implementation allows unbounded memory growth via the PATH_CHALLENGE handler, leading to denial of service through memory…
CVE-2026-34183denial of servicememory exhaustionOpenSSL
The European Commission has issued binding specification decisions under the Digital Markets Act, ordering Google to grant rival AI assistants the same…
Artificial intelligence (AI) is transforming offensive security by accelerating code analysis, payload generation, and testing workflows. However, the core standard of proving…
OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery to fix issues before tools…
SuccessKey is the threat actor attributed to the ViteVenom and ChainVeil campaigns, which use blockchain-based C2 infrastructure to deliver remote access trojans…
REvil, also known as Sodinokibi, is a notorious ransomware-as-a-service group that operated from April 2019 to July 2021, targeting over 1,000 victims…
Cybersecurity researchers at Checkmarx have uncovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of…
Operation Aquila was an 18-month investigation by Australia's signals directorate and federal police that identified Aleksandr Gennadievich Ermakov as the perpetrator behind…
EAL6+ is a high assurance level under the Common Criteria certification, indicating strong resistance to tampering. The Samsung S3D232A chip in Tangem…
Common CriteriaEAL6+secure elementsecurity certification
Okta's testing showed that NGINX servers using vulnerable OpenSSL versions can be OOM-killed by the HollowByte attack, with memory fragmentation persisting after…
Vite, a popular JavaScript frontend build tool, was targeted by the ViteVenom campaign where malicious scoped npm packages impersonated the @vitejs/* namespace…
Assetnote is an attack surface management platform and part of Searchlight Cyber. Researcher Adam Kues discovered the wp2shell vulnerability in WordPress core.
Assetnoteattack surface managementcybersecurityvulnerability research
Searchlight Cyber provides dark web intelligence and attack surface management solutions. Its Assetnote arm discovered the critical WordPress core RCE vulnerability.
attack surface managementcybersecuritydark web intelligenceSearchlight Cyber
OpenSSL was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
A VPN service provider sanctioned by the U.S. Treasury for enabling ransomware actors and cybercriminals to obscure their origins. Operational since 2014,…
Darktrace was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
CrowdSec was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
LevelBlue was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…