Items tagged with vulnerability
by
Bruno Ferreira - Wed, Jun 18, 2025
Linux server administrators, it's time to get your patch on. The boffins at Qualys, a security firm well known for its excellent SSL configuration tester, found a pair of security vulnerabilities that combined can grant any unprivileged...
Read more...
by
Victor Awogbemila - Wed, Jun 18, 2025
Security researchers have revealed that the ASUS Armoury Crate software has a serious vulnerability (tracked as CVE-2025-3464) that could allow hackers to gain admin access to computers.
The ASUS Armoury Crate software was designed to...
Read more...
by
Victor Awogbemila - Sun, Apr 27, 2025
Io_uring was introduced in 2019 with Linux kernel 5.1, and its purpose was to help improve the efficiency and flexibility of input and output operations on Linux. While this led to significant performance gains, it also led to critical...
Read more...
by
Alan Velasco - Mon, Nov 18, 2024
Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says that “this is one of the more serious...
Read more...
by
Ryan Whitwam - Fri, Jun 21, 2024
A few years ago, PC firmware switched from the aging BIOS system to the Unified Extensible Firmware Interface standard, more commonly known as UEFI. This system is more secure than the legacy BIOS was, but it's not perfect. Cybersecurity...
Read more...
by
Alan Velasco - Wed, Nov 29, 2023
A security vulnerability found in ownCloud, a provider of open-source software solutions for organizations to host and sync files, is now being actively exploited by threat actors. The vulnerability, CVE-2023-49103, was initially disclosed...
Read more...
by
Alan Velasco - Wed, Nov 15, 2023
WP Fastest Cache, a WordPress plugin currently in use by over 1 million users that assists in more efficiently delivering their websites, is addressing a security issue with its 1.2.2 release. This update addresses an SQL injection...
Read more...
by
Nathan Ord - Wed, Oct 04, 2023
If Marvin the Martian makes it onto your computer and does privilege escalation to take it over, we might now know just how they did it. A new Linux local privilege escalation vulnerability, dubbed Looney Tunables. that can bump basic...
Read more...
by
Nathan Ord - Tue, Jul 11, 2023
Last month, Apple pushed multiple security updates for its products due to vulnerabilities that could lead to the Triangulation spyware being put on your device. Now, the Cupertino-based company has rolled out another Rapid Security...
Read more...
by
Mark Tyson - Tue, May 09, 2023
A WordPress plugin with over 2 million active installations left its users open to an alarming security flaw. The popular Advanced Custom Fields (ACF) plugin by WP Engine allows WordPress admins to add custom fields throughout their sites...
Read more...
by
Nathan Ord - Sat, Mar 18, 2023
Microsoft recently patched a zero-click privilege escalation vulnerability within Microsoft Outlook, tracked as CVE-2023-2339 and rated a 9.8/10 on the Common Vulnerability Scoring System (CVSS). Left unchecked, this vulnerability could...
Read more...
by
Aaron Leong - Fri, Mar 17, 2023
Dangerous zero-day vulnerabilities found in Samsung Exynos modems have been discovered encompassing Samsung Galaxy phones, Google Pixel 6s and 7s, select wearables, and more. Here's what to expect, the steps to take, and find out if your...
Read more...
by
Aaron Klotz - Tue, Mar 14, 2023
A new covert channel attack was discovered by the School of Cyber Security at Korea University in Seoul that can leak sensitive data from internal speakers in a computer to a nearby attacker's microphone housed in either a smartphone or...
Read more...
by
Nathan Wasson - Wed, Feb 01, 2023
The password manager KeePass is currently the subject of a debate concerning whether or not a particular design decision should be considered a security vulnerability. At the center of this debate is KeePass’ support of triggers, one of...
Read more...
by
Nathan Ord - Sat, Jan 28, 2023
In 2022, the National Security Agency, in conjunction with the U.K’s National Cyber Security Centre, reported a critical vulnerability in the Windows CryptoAPI to Microsoft. While this was patched in August of 2022 and published in October...
Read more...
by
Lane Babuder - Tue, Jan 17, 2023
Hardware vulnerabilities are never fun, especially when actively exploited in the wild. Forward-looking companies try to get ahead of bad actors by encouraging responsible disclosure and awarding bug bounties. AMD has worked with security...
Read more...
by
Nathan Wasson - Tue, Jan 10, 2023
Those who follow cybersecurity news will know that both security researchers and threat actors alike are frequently discovering security vulnerabilities, prompting developers to create and release patches for these vulnerabilities. While...
Read more...
by
Lane Babuder - Wed, Jan 04, 2023
We all like to think our organization's e-mail is secure—secure in the knowledge that your IT administrator is keeping things up to date, safe, and secure. After all, you have to change your password every three months, right? Well...
Read more...
by
Nathan Wasson - Tue, Dec 13, 2022
A researcher at the cloud security company Lightspin recently discovered a flaw in the Amazon Web Services (AWS) Elastic Container Registry (ECR) Public Gallery that threat actors could have exploited to delete or modify container images...
Read more...
by
Nathan Wasson - Tue, Dec 06, 2022
Last week, Google began pushing out an update to its Chrome browser that fixes a critical security vulnerability in the browser’s JavaScript engine. Google noted in its blog post about the update that an exploit for this vulnerability is...
Read more...
by
Nathan Wasson - Tue, Oct 04, 2022
Last month, researchers at the cybersecurity firm GTSC discovered cyberattacks actively exploiting two zero-day vulnerabilities in the Microsoft Exchange email system. The researchers reported these two vulnerabilities to the Zero Day...
Read more...
by
Nathan Ord - Sat, Oct 01, 2022
Earlier this week, Microsoft confirmed a “new” 0-Day remote code execution vulnerability within Exchange Servers. While it isn’t necessarily new in the family of Proxy-Exploits, critical infrastructure is still being attacked now, and...
Read more...