Items tagged with vulnerability
Linux server administrators, it's time to get your patch on. The boffins at Qualys, a security firm well known for its excellent SSL configuration tester, found a pair of security vulnerabilities that combined can grant any unprivileged...
Read more...
Security researchers have revealed that the ASUS Armoury Crate software has a serious vulnerability (tracked as CVE-2025-3464) that could allow hackers to gain admin access to computers.
The ASUS Armoury Crate software was designed to...
Read more...
Io_uring was introduced in 2019 with Linux kernel 5.1, and its purpose was to help improve the efficiency and flexibility of input and output operations on Linux. While this led to significant performance gains, it also led to critical...
Read more...
Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says that “this is one of the more serious...
Read more...
A few years ago, PC firmware switched from the aging BIOS system to the Unified Extensible Firmware Interface standard, more commonly known as UEFI. This system is more secure than the legacy BIOS was, but it's not perfect. Cybersecurity...
Read more...
A security vulnerability found in ownCloud, a provider of open-source software solutions for organizations to host and sync files, is now being actively exploited by threat actors. The vulnerability, CVE-2023-49103, was initially disclosed...
Read more...
WP Fastest Cache, a WordPress plugin currently in use by over 1 million users that assists in more efficiently delivering their websites, is addressing a security issue with its 1.2.2 release. This update addresses an SQL injection...
Read more...
If Marvin the Martian makes it onto your computer and does privilege escalation to take it over, we might now know just how they did it. A new Linux local privilege escalation vulnerability, dubbed Looney Tunables. that can bump basic...
Read more...
Last month, Apple pushed multiple security updates for its products due to vulnerabilities that could lead to the Triangulation spyware being put on your device. Now, the Cupertino-based company has rolled out another Rapid Security...
Read more...
A WordPress plugin with over 2 million active installations left its users open to an alarming security flaw. The popular Advanced Custom Fields (ACF) plugin by WP Engine allows WordPress admins to add custom fields throughout their sites...
Read more...
Microsoft recently patched a zero-click privilege escalation vulnerability within Microsoft Outlook, tracked as CVE-2023-2339 and rated a 9.8/10 on the Common Vulnerability Scoring System (CVSS). Left unchecked, this vulnerability could...
Read more...
Dangerous zero-day vulnerabilities found in Samsung Exynos modems have been discovered encompassing Samsung Galaxy phones, Google Pixel 6s and 7s, select wearables, and more. Here's what to expect, the steps to take, and find out if your...
Read more...
A new covert channel attack was discovered by the School of Cyber Security at Korea University in Seoul that can leak sensitive data from internal speakers in a computer to a nearby attacker's microphone housed in either a smartphone or...
Read more...
The password manager KeePass is currently the subject of a debate concerning whether or not a particular design decision should be considered a security vulnerability. At the center of this debate is KeePass’ support of triggers, one of...
Read more...
In 2022, the National Security Agency, in conjunction with the U.K’s National Cyber Security Centre, reported a critical vulnerability in the Windows CryptoAPI to Microsoft. While this was patched in August of 2022 and published in October...
Read more...
Hardware vulnerabilities are never fun, especially when actively exploited in the wild. Forward-looking companies try to get ahead of bad actors by encouraging responsible disclosure and awarding bug bounties. AMD has worked with security...
Read more...
Those who follow cybersecurity news will know that both security researchers and threat actors alike are frequently discovering security vulnerabilities, prompting developers to create and release patches for these vulnerabilities. While...
Read more...
We all like to think our organization's e-mail is secure—secure in the knowledge that your IT administrator is keeping things up to date, safe, and secure. After all, you have to change your password every three months, right? Well...
Read more...
A researcher at the cloud security company Lightspin recently discovered a flaw in the Amazon Web Services (AWS) Elastic Container Registry (ECR) Public Gallery that threat actors could have exploited to delete or modify container images...
Read more...
Last week, Google began pushing out an update to its Chrome browser that fixes a critical security vulnerability in the browser’s JavaScript engine. Google noted in its blog post about the update that an exploit for this vulnerability is...
Read more...
Last month, researchers at the cybersecurity firm GTSC discovered cyberattacks actively exploiting two zero-day vulnerabilities in the Microsoft Exchange email system. The researchers reported these two vulnerabilities to the Zero Day...
Read more...
Earlier this week, Microsoft confirmed a “new” 0-Day remote code execution vulnerability within Exchange Servers. While it isn’t necessarily new in the family of Proxy-Exploits, critical infrastructure is still being attacked now, and...
Read more...
