Vulnerability Management
UK launches vulnerability research program for external experts
UK’s National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to improve […]
Ruckus Networks leaves severe flaws unpatched in management devices
Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve. The issues affect Ruckus Wireless Virtual SmartZone (vSZ) and Ruckus Network Director (RND), and range from uauthenticated remote code execution to hardcoded passwords or SSH public and private keys. Ruckus vSZ is a centralized wireless […]
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. The flaw is tracked as CVE-2025-4123 and impacts multiple versions of the open-source platform used for monitoring and visualizing infrastructure and application metrics. The vulnerability was discovered by bug bounty hunter Alvaro Balada and […]