Tag: Rapid7
VoIP vendor Fuze earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication.
Rapid7 warned this week that its Nexpose appliances were shipped with an SSH configuration that could have let obsolete algorithms be used for key exchange.
Ecommerce sites using the Yopify plugin were leaking customers’ names, locations and purchases.
Fuze addressed two issues that publicly exposed recordings of private business meetings made over the collaboration platform.
Hyundai Motor America patched its Blue Link mobile app after researchers found a cleartext encryption key that could be used to expose user and vehicle information.
Harley Geiger, director of public policy at Rapid7, talks about how policy goes hand in hand with technology when it comes to cybersecurity, the government’s focus on IoT and critical infrastructure, and more.
Double Robotics telepresence robots were patched against vulnerabilities that leaked device data and session keys and tokens.
Researchers this week are warning patients who use insulin pumps made by Johnson & Johnson that vulnerabilities in the devices could be exploited to trigger an overdose.
A host of web-based vulnerabilities in Osram Lightify smart lighting products remain unpatched, despite private notification to the vendor in late May and CVEs assigned to the issues in June by CERT/CC. Researchers at Rapid7 today publicly disclosed some of the details on each of the nine vulnerabilities with temporary mitigation advice users can deploy...
An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by researcher Scott Davis, who found the flaw. Details were privately...