CISA flags data-theft bug in NSA-built OT networking tool

The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers can ...
Dark Reading

Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service

Maintainers of OpenNMS patched a high-severity vulnerability in both the community-supported and subscription-based versions of the widely used open source network monitoring software. The XML ...
InfoWorld

Apache Tika hit by critical vulnerability thought to be patched months ago

A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers ...
Dark Reading

Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration

A critical vulnerability in Zoho’s widely used compliance tool, ManageEngine ADAudit Plus, which monitors changes to Microsoft Active Directory, leaves endpoints vulnerable to unauthenticated users. A ...