Data broker leaves 600K+ sensitive files exposed online
Over 600,000 sensitive files, including personal data, were exposed in a non-password-protected database belonging to SL Data Services.
Insurance website's buggy API leaked Office 365 password
Toyota Tsusho Insurance Broker India (TTIBI) exposed over 650,000 Microsoft-hosted emails due to a misconfigured server.
The company failed to change the password of the affected account even after the vulnerability was disclosed five months ago.
Ransomware gangs are loving this dumb but deadly ESXi flaw
The CVE-2024-37085 vulnerability allows attackers to gain full control of an ESXi hypervisor by creating specific AD groups, potentially leading to serious security breaches.
Tracker firm Hapn spilling names of thousands of GPS tracking customers | TechCrunch
Hapn exposed thousands of customer names due to a website bug, raising significant privacy concerns for users and impacting corporate clients.
The database leak included sensitive details of 8,600 GPS trackers, jeopardizing customer and corporate security.
Critical WordPress plugin vulnerability under active exploit threatens thousands
Thousands of WordPress sites are unpatched against a critical vulnerability in the Hunk Companion plugin, exposing them to serious security risks.
A critical vulnerability in the Hunk Companion WordPress plugin allows attackers to install malicious plugins, which can lead to severe security breaches.
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
Jetpack plugin fixed a critical vulnerability that could expose user-submitted forms to logged-in users.
Over 101 versions of the Jetpack plugin were updated due to this security flaw.
LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
A high-severity security vulnerability in LiteSpeed Cache allows unauthenticated users to gain admin access, potentially jeopardizing WordPress sites.
Microsoft patches rollback flaw in Windows 10
A critical flaw in Windows Update allows attackers to roll back security patches, potentially exposing systems to known vulnerabilities. The flaw affects certain Windows 10 versions.
Researchers say a bug let them add fake pilots to rosters used for TSA checks
Security vulnerability discovered in TSA's login systems could let unauthorized individuals access flight crew records.
SQL injection tested by researchers confirmed serious flaws in the system allowing administrative access without proper authentication.
YubiKeys have an unfixable security flaw
YubiKey devices have a vulnerability that allows cloning, discovered in the Infineon cryptographic library, affecting many models and with moderate exploit difficulty.
A new critical MOVEit vulnerability is being exploited by hackers - here's what you need to know
Enterprises using MOVEit Transfer affected versions should immediately patch the critical vulnerability CVE-2024-5806 to prevent unauthorized access.
Google releases Pixel update to get rid of surveillance vulnerability
Google acted promptly to remove potentially vulnerable software from Pixel smartphones to prevent hacking risks.
No evidence of exploitation was found, but concerns led to proactive security measures.
The Arc browser that lets you customize websites had a serious vulnerability
Arc browser's 'Boosts' feature allows for website customization but poses security risks due to a vulnerability that can be exploited by attackers.
Researchers discover potentially catastrophic exploit present in AMD chips for decades
AMD processors have a critical firmware flaw allowing deep memory infection for decades.
AMD won't patch Sinkclose security bug on older Zen CPUs
Some AMD processors dating back to 2006 have a security vulnerability tracked as CVE-2023-31315, impacting models since 2020 with highly privileged execution environment issues.
Crooks plant backdoor in software used by courtrooms around the world
A software update for JAVS Viewer 8 contained a hidden backdoor, putting over 10,000 courtrooms at risk of unauthorized access by threat actors.
Hackers make millions of attempts to exploit WordPress plugin vulnerability
Hackers are exploiting a severe vulnerability in the WordPress Automatic plugin, allowing complete website takeover.
Someone is hacking 3D printers to warn owners of a security flaw
Anycubic Kobra 2 Pro/Plus/Max 3D printers face a security vulnerability, with a warning message advising owners to disconnect from the internet.
A hacker targeting vulnerable printers sent warning messages regarding a critical vulnerability through ASCII art.
CISA finally removes dud vulnerability from must-patch list
CISA has removed a security vulnerability (CVE-2022-28958) from its Known Exploited Vulnerability catalog after it was found to be a fake vulnerability.
The vulnerability was thought to be a critical remote code execution flaw but had no impact on the systems it targeted.
Vendors' response to my LLM-crasher bug report was dire
Reporting bugs with a story in reputable publications can yield substantial responses. Caution is crucial when handling potentially dangerous information.
'Almost every Apple device' vulnerable to CocoaPods
CocoaPods faced a security issue with thousands of unclaimed packages, potentially leading to supply chain attacks on iOS and macOS apps.
Zero Day Initiative - Getting Unauthenticated Remote Code Execution on the Logsign Unified SecOps Platform
A lack of rate limiting in password reset requests poses a security vulnerability on web servers, enabling potential brute-force attacks on admin passwords.
'Unusually scary' bug in Apple Vision Pro allows hackers to fill your room with spiders, bats
A software bug in Apple Vision Pro headset allowed hackers to flood users' virtual reality with spiders and bats, exploiting Safari to trigger the security gap.
Phoenix UEFI bug affects long list of Intel chip families
A new vulnerability (CVE-2024-0762), similar to BlackLotus, affects UEFI firmware in Intel chip families and poses security threats.
Update your Windows PC to avoid a serious Wi-Fi vulnerability
Install Microsoft's latest update to patch a critical vulnerability in Windows 11 and 10 related to public Wi-Fi networks.