#security-vulnerability
#security-vulnerability

2 weeks ago

AMD releases security update for Ryzen CPUs with TPM vulnerability

The flaw in the CryptHmacSign function enables attackers to read unauthorized data from the TPM, raising security concerns despite AMD’s timely firmware update.

Privacy technologies

Google brute-force attack exposes phone numbers in minutes

A flaw in Google's authentication systems leaves users' phone numbers vulnerable to brute-force attacks.

Web frameworks

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.

3 weeks ago

Is your Asus router part of a botnet? How to check - and what you can do

Asus routers faced a significant security breach, impacting thousands as cybercriminals exploited vulnerabilities and established persistent backdoors.

Information security

Commvault vulnerability poses serious risk to company data

Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

Information security

YouTube ID exploited to find Gmail deests, says researcher

Privacy technologies

3 weeks ago

Google brute-force attack exposes phone numbers in minutes

A flaw in Google's authentication systems leaves users' phone numbers vulnerable to brute-force attacks.

Web frameworks

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.

3 weeks ago

Is your Asus router part of a botnet? How to check - and what you can do

Asus routers faced a significant security breach, impacting thousands as cybercriminals exploited vulnerabilities and established persistent backdoors.

Information security

Commvault vulnerability poses serious risk to company data

Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

Information security

YouTube ID exploited to find Gmail deests, says researcher

more#cybersecurity

4 weeks ago

Exploit details of serious Cisco IOS XE vulnerability now public

Cisco disclosed a critical vulnerability in IOS XE software for Wireless LAN Controllers that enables unauthenticated attackers to upload files and execute commands with root privileges.

Information security

1 month ago

OpenPGP.js bug enables encrypted message spoofing

The vulnerability discovered in OpenPGP.js enables spoofing of both signed and encrypted messages, undermining the purpose of public key cryptography.

Privacy professionals

Privacy technologies

1 month ago

Chrome vulnerability allowing account takeover fixed

Google has issued an emergency Chrome update to address a severe security vulnerability allowing account takeovers.

#remote-code-execution

fromSecuritymagazine

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.

Java

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

fromSecuritymagazine

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.

more#remote-code-execution

Java

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.

fromDeveloper Tech News

Web frameworks

Critical security flaw uncovered in Next.js framework

fromInfoWorld

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.

fromDeveloper Tech News

Web frameworks

Critical security flaw uncovered in Next.js framework

Apple issues urgent warning - update your iPhone now to stay safe

iPhone users must update to iOS 18.3.3 to avoid security risks associated with iOS 18.3.2.

Microsoft Power Pages websites attacked via security hole

Microsoft patched a critical security vulnerability in Power Pages and advised users to check for signs of exploitation.

Privacy technologies

fromTechCrunch

Exclusive: Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people

A security vulnerability in Cocospy and Spyic apps exposes personal data of millions unknowingly monitored users.

Sensitive personal data can be accessed due to flaws in phone-monitoring spyware.

6 months ago

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

An attacker can pollute the legitimate image by providing a package list that causes the hash collision, enabling exploitation of the ASU feature.

Information security

Artificial intelligence

9 months ago

Google Cloud Document AI flaw (still) allows data theft

The Google Cloud Document AI service has a serious vulnerability that remains unaddressed, enabling potential data theft from Cloud Storage.