A critical flaw in Windows Update allows attackers to rollback security patches, potentially exposing systems to known vulnerabilities. The flaw affects certain Windows 10 versions.
Researchers say a bug let them add fake pilots to rosters used for TSA checks
Security vulnerability discovered in TSA's login systems could let unauthorized individuals access flight crew records.
SQL injection tested by researchers confirmed serious flaws in the system allowing administrative access without proper authentication.
YubiKeys have an unfixable security flaw
YubiKey devices have a vulnerability that allows cloning, discovered in the Infineon cryptographic library, affecting many models and with moderate exploit difficulty.
A new critical MOVEit vulnerability is being exploited by hackers - here's what you need to know
Enterprises using MOVEit Transfer affected versions should immediately patch the critical vulnerability CVE-2024-5806 to prevent unauthorized access.
Google releases Pixel update to get rid of surveillance vulnerability
Google acted promptly to remove a potentially vulnerable software from Pixel smartphones to prevent hacking risks.
No evidence of exploitation was found, but concerns led to proactive security measures.
The Arc browser that lets you customize websites had a serious vulnerability
Arc browser's 'Boosts' feature allows for website customization but poses security risks due to a vulnerability that can be exploited by attackers.
Microsoft patches rollback flaw in Windows 10
A critical flaw in Windows Update allows attackers to rollback security patches, potentially exposing systems to known vulnerabilities. The flaw affects certain Windows 10 versions.
Researchers say a bug let them add fake pilots to rosters used for TSA checks
Security vulnerability discovered in TSA's login systems could let unauthorized individuals access flight crew records.
SQL injection tested by researchers confirmed serious flaws in the system allowing administrative access without proper authentication.
YubiKeys have an unfixable security flaw
YubiKey devices have a vulnerability that allows cloning, discovered in the Infineon cryptographic library, affecting many models and with moderate exploit difficulty.
A new critical MOVEit vulnerability is being exploited by hackers - here's what you need to know
Enterprises using MOVEit Transfer affected versions should immediately patch the critical vulnerability CVE-2024-5806 to prevent unauthorized access.
Google releases Pixel update to get rid of surveillance vulnerability
Google acted promptly to remove a potentially vulnerable software from Pixel smartphones to prevent hacking risks.
No evidence of exploitation was found, but concerns led to proactive security measures.
The Arc browser that lets you customize websites had a serious vulnerability
Arc browser's 'Boosts' feature allows for website customization but poses security risks due to a vulnerability that can be exploited by attackers.
Researchers discover potentially catastrophic exploit present in AMD chips for decades
AMD processors have a critical firmware flaw allowing deep memory infection for decades.
AMD won't patch Sinkclose security bug on older Zen CPUs
Some AMD processors dating back to 2006 have a security vulnerability tracked as CVE-2023-31315, impacting models since 2020 with highly privileged execution environment issues.
Researchers discover potentially catastrophic exploit present in AMD chips for decades
AMD processors have a critical firmware flaw allowing deep memory infection for decades.
AMD won't patch Sinkclose security bug on older Zen CPUs
Some AMD processors dating back to 2006 have a security vulnerability tracked as CVE-2023-31315, impacting models since 2020 with highly privileged execution environment issues.
Insurance website's buggy API leaked Office 365 password
Toyota Tsusho Insurance Broker India (TTIBI) exposed over 650,000 Microsoft-hosted emails due to a misconfigured server.
The company failed to change the password of the affected account even after the vulnerability was disclosed five months ago.
Ransomware gangs are loving this dumb but deadly ESXi flaw
The CVE-2024-37085 vulnerability allows attackers to gain full control of an ESXi hypervisor by creating specific AD groups, potentially leading to serious security breaches.
Insurance website's buggy API leaked Office 365 password
Toyota Tsusho Insurance Broker India (TTIBI) exposed over 650,000 Microsoft-hosted emails due to a misconfigured server.
The company failed to change the password of the affected account even after the vulnerability was disclosed five months ago.
Ransomware gangs are loving this dumb but deadly ESXi flaw
The CVE-2024-37085 vulnerability allows attackers to gain full control of an ESXi hypervisor by creating specific AD groups, potentially leading to serious security breaches.
Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot
Lenovo, AMI, and Insyde have released patches for LogoFAIL, a security vulnerability that affects almost all Windows and Linux computers.
LogoFAIL allows attackers to remotely execute code by replacing an image or logo during the device boot-up process.
Exploit for Critical Windows Defender Bypass Goes Public
A proof-of-concept exploit (PoC) is available for a critical zero-day vulnerability in Windows SmartScreen.
The exploit allows attackers to bypass Windows Defender SmartScreen checks.
Organizations need to address the vulnerability and apply the patch if they haven't already.
CISA finally removes dud vulnerability from must-patch list
CISA has removed a security vulnerability (CVE-2022-28958) from its Known Exploited Vulnerability catalog after it was found to be a fake vulnerability.
The vulnerability was thought to be a critical remote code execution flaw but had no impact on the systems it targeted.
A fresh proof-of-concept exploit for a critical security vulnerability in Apache ActiveMQ allows remote code execution on servers.
The exploit cuts down on intruder noise by launching attacks from memory, making it harder to detect.
The vulnerability has been patched, but thousands of organizations remain vulnerable.
Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot
Lenovo, AMI, and Insyde have released patches for LogoFAIL, a security vulnerability that affects almost all Windows and Linux computers.
LogoFAIL allows attackers to remotely execute code by replacing an image or logo during the device boot-up process.
Exploit for Critical Windows Defender Bypass Goes Public
A proof-of-concept exploit (PoC) is available for a critical zero-day vulnerability in Windows SmartScreen.
The exploit allows attackers to bypass Windows Defender SmartScreen checks.
Organizations need to address the vulnerability and apply the patch if they haven't already.
CISA finally removes dud vulnerability from must-patch list
CISA has removed a security vulnerability (CVE-2022-28958) from its Known Exploited Vulnerability catalog after it was found to be a fake vulnerability.
The vulnerability was thought to be a critical remote code execution flaw but had no impact on the systems it targeted.
Vendors' response to my LLM-crasher bug report was dire
Reporting bugs with a story in reputable publications can yield substantial responses. Caution is crucial when handling potentially dangerous information.
'Almost every Apple device' vulnerable to CocoaPods
CocoaPods faced a security issue with thousands of unclaimed packages, potentially leading to supply chain attacks on iOS and macOS apps.
Zero Day Initiative - Getting Unauthenticated Remote Code Execution on the Logsign Unified SecOps Platform
A lack of rate limiting in password reset requests poses a security vulnerability on web servers, enabling potential brute-force attacks on admin passwords.
'Unusually scary' bug in Apple Vision Pro allows hackers to fill your room with spiders, bats
A software bug in Apple Vision Pro headset allowed hackers to flood users' virtual reality with spiders and bats, exploiting Safari to trigger the security gap.
Phoenix UEFI bug affects long list of Intel chip families
A new vulnerability (CVE-2024-0762) affecting UEFI firmware in Intel chip families similar to BlackLotus poses security threats.
Update your Windows PC to avoid a serious Wi-Fi vulnerability
Install Microsoft's latest update to patch a critical vulnerability in Windows 11 and 10 related to public Wi-Fi networks.