Cisco issues emergency patches for critical firewall vulnerabilities
Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two ‘perfect 10’ vulnerabilities in the company’s Secure Firewall Management Center (FMC) Software. Overall, the March 4 release, the first of its semiannual firewall updates for 2026, addresses 25 security advisories covering 48 individual CVEs. The...
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns
Malicious insiders are misusing AI for nefarious gain, while employees cutting corners also create risk, warns Mimecast
From Code to Runtime: The Critical Role of DAST in Application Security
Regardless of where you’re at in your application security maturity, dynamic application security testing (DAST) is a program staple in a few key ways: It satisfies compliance requirements for runtime-related vulnerabilities. DAST catches vulnerabilities in the running web application, yielding findings that may be missed in static code testing. It is security-driven with little overhead in configuration/maintenance from development or application teams. Due...
Nginx UI – Unauthenticated Backup Download with Encryption Key Disclosure
The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately....
Delta Electronics CNCSoft-G2
Summary
Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the device.
The following versions of Delta Electronics CNCSoft-G2 are affected:
CNCSoft-G2
CVSS: v3 7.8
Vendor: Delta Electronics
Equipment: Delta Electronics CNCSoft-G2
Vulnerabilities: Out-of-bounds Write
Background
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan
Vulnerabilities
CVE-2026-3094
Delta Electronics CNCSoft-G2 devices prior to version V2.1.0.39 are vulnerable to an Out-of-Bounds Write while parsing DPAX files...
UAT-9244 targets South American telecommunication providers with three new malware implants
Cisco Talos is disclosing UAT-9244, who we assess with high confidence is a China-nexus advanced persistent threat (APT) actor closely associated with Famous Sparrow. Since 2024, UAT-9244 has targeted critical telecommunications infrastructure, including Windows and Linux-based endpoints and edge devices in South America, proliferating access via three malware implants. The first backdoor, “TernDoor,” is a new variation of the previously disclosed,...
Spyware suppliers exploit more zero-days than nation states
Exploitation of zero-days by commercial surveillance and spyware developers outpaced exploitation by nation-state actors last year, according to a report
2025 ISO and CSA STAR certificates are now available with one additional service and one new region
Amazon Web Services (AWS) successfully completed the annual recertification audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. The objective of the audit was to enable AWS to expand their ISO and CSA STAR certifications to include one new AWS Region and...
Why AI, Zero Trust, and modern security require deep visibility
AI. Automation. Zero Trust. They dominate every security strategy document. But there’s a truth sitting underneath all three: none of them work without deep, trustworthy visibility. You can’t continuously verify identities without knowing how they behave. You can’t train AI on incomplete data and expect accurate detection. You can’t automate response if every decision is built...
Samsung MagicINFO Server Multiple Vulnerabilities
MagicINFO User Credential Disclosure (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) NOTE: Samsung mentioned this item may have been fixed with version 21.1090.1, but we were unable to confirm as new MagicInfo versions were not made available to us. We no longer observe that version to be available, and thus are including this issue here. When a MagicINFO user logs into the...






