#security-vulnerability

[ follow ]
fromThe Hacker News
22 hours ago

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces.
Privacy professionals
#microsoft
fromThe Verge
2 days ago
Privacy professionals

Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw

A critical vulnerability in Microsoft's NLWeb protocol allows remote users to access sensitive files.
fromThe Verge
2 days ago
Privacy professionals

Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw

more#microsoft
fromTechzine Global
2 weeks ago

SharePoint vulnerability actively exploited: Microsoft rolls out emergency patches

Microsoft has issued an urgent warning about a critical zero-day vulnerability in SharePoint Server, registered as CVE-2025-53770, allowing remote code execution.
Privacy professionals
fromThe Hacker News
2 weeks ago

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

"CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS."
Information security
#cisco
more#cisco
fromThe Hacker News
4 weeks ago

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules.
Information security
Privacy technologies
fromMail Online
1 month ago

Update your browser NOW: Google Chrome hit by serious security flaw

Google Chrome users must update their browser immediately to protect against a high-severity security vulnerability exploited by hackers.
Privacy technologies
fromZDNET
1 month ago

Your Brother printer might have a critical security flaw - how to check and what to do next

Brother printers have a serious unpatchable security flaw that exposes devices to potential attacks.
#google
fromZDNET
1 month ago
Privacy technologies

Google Chrome hit by another serious security flaw - update your browser ASAP

fromZDNET
1 month ago
Privacy technologies

Google Chrome hit by another serious security flaw - update your browser ASAP

more#google
NYC parents
from6abc Philadelphia
1 month ago

2 of 4 detainees who escaped Delaney Hall immigration detention center back in custody: FBI Newark

Two of the four detainees who escaped an immigration detention center in New Jersey are back in custody, search ongoing for the others.
fromTechzine Global
1 month ago

AMD releases security update for Ryzen CPUs with TPM vulnerability

A new vulnerability in Ryzen processors allows unauthorized access to TPM data, with a CVSS score indicating medium risk, requiring physical access to exploit.
Information security
fromZDNET
2 months ago

Is your Asus router part of a botnet? How to check - and what you can do

Asus routers faced a significant security breach, impacting thousands as cybercriminals exploited vulnerabilities and established persistent backdoors.
fromTheregister
2 months ago

OpenPGP.js bug enables encrypted message spoofing

The vulnerability discovered in OpenPGP.js enables spoofing of both signed and encrypted messages, undermining the purpose of public key cryptography.
Privacy professionals
fromTechzine Global
2 months ago

Chrome vulnerability allowing account takeover fixed

Google has released an emergency update for the Chrome browser to fix a serious security vulnerability that allowed an account takeover.
Privacy technologies
fromTechzine Global
3 months ago

Commvault vulnerability poses serious risk to company data

Commvault's Command Center has a serious vulnerability (CVE-2025-34028) that allows remote code execution.
Organizations must ensure their systems are updated to version 11.38.20 to mitigate the risk.
Information security
fromSecuritymagazine
3 months ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.
fromZDNET
3 months ago

That Google email look real? Don't click - it might be scam. Here's how to tell

The sophisticated phishing scam uses Google’s own infrastructure to create deceptive emails and landing pages that appear legitimate, making attacks harder to identify.
Privacy professionals
fromThe Hacker News
4 months ago

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code, said the project maintainers.
Java
Privacy professionals
fromThe Hacker News
4 months ago

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google addresses a severe Chrome vulnerability, CVE-2025-2783, exploited in phishing attacks targeting Russian organizations.
#nextjs
Information security
fromInfoWorld
4 months ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
Information security
fromInfoWorld
4 months ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
more#nextjs
Web frameworks
fromThe Hacker News
4 months ago

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
Apple
fromCreative Bloq
4 months ago

Apple issues urgent warning - update your iPhone now to stay safe

iPhone users must update to iOS 18.3.3 to avoid security risks associated with iOS 18.3.2.
Privacy technologies
fromTechCrunch
5 months ago

Exclusive: Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people

A security vulnerability in Cocospy and Spyic apps exposes personal data of millions unknowingly monitored users.
Sensitive personal data can be accessed due to flaws in phone-monitoring spyware.
fromThe Hacker News
7 months ago

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A critical vulnerability in OpenWrt allows malicious firmware distribution through an unchecked build request process.
fromTheregister
10 months ago

Google Cloud Document AI flaw (still) allows data theft

The Google Cloud Document AI service has a serious vulnerability that remains unaddressed, enabling potential data theft from Cloud Storage.
[ Load more ]