Tag: vulnerability

Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms

Update before that proof-of-concept comes to bite

Ivanti patches two zero-days under active attack as intel agency warns customers

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product

As US vuln-tracking falters, EU enters with its own security bug database

EUVD comes into play not a moment too soon

Curl project founder snaps over deluge of time-sucking AI slop bug reports

Lead dev likens flood to 'effectively being DDoSed'

Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps

10 other certificates 'were mis-issued and have now been revoked'

CVE fallout: The splintering of the standard vulnerability tracking system has begun

MITRE, EUVD, GCVE … WTF?

CVE program gets last-minute funding from CISA – and maybe a new home

Uncertainty is the new certainty

Uncle Sam kills funding for CVE program. Yes, that CVE program

Because vulnerability management has nothing to do with national security, right?

Old Fortinet flaws under attack with new method its patch didn't prevent

PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more!

Don't open that JPEG in WhatsApp for Windows. It might be an .EXE

What a MIME field

Panic averted: It was just a bug in Atop after all

Warning of possible problems sparks controversy: Was it OverDAtop?

CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug

Screenshot shows company head unhappy, claiming 'real CVE is pending'

Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied

Ransomware criminals love CISA's KEV list – and that's a bug, not a feature

Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o

Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time

Critical PostgreSQL bug tied to zero-day attack on US Treasury

Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities

Apple warns 'extremely sophisticated attack' may be targeting iThings

Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge

SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix

Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used

Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug

Apache issues patches for critical Struts 2 RCE bug

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

US military grounds entire Osprey tiltrotor fleet over safety concerns

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

QNAP and Veritas dump 30-plus vulns over the weekend

'Alarming' security bugs lay low in Linux's needrestart utility for 10 years

D-Link tells users to trash old VPN routers over bug too dangerous to identify

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

Mozilla patches critical Firefox vuln that attackers are already exploiting

Using iPhone Mirroring at work? You might have just overshared to your boss

Rackspace internal monitoring web servers hit by zero-day

That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices

Ivanti patches exploited admin command execution flaw

Feeld dating app's security too open-minded as private data swings into public view

Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all

Multiple flaws in Microsoft macOS apps unpatched despite potential risks

SAP Core AI bugs allowed access to internal network servers, say researchers

UK plans to revamp national cyber defense tools are already in motion

Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability

Progress discloses second critical flaw in Telerik Report Server in as many months

Traeger security bugs bad news for grillers with neighborly beef

No rest for the wiry as Cisco Nexus switches flip out over latest zero-day

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk

Juniper Networks flings out emergency patches for perfect 10 router vuln

Batten down the hatches, it's time to patch some more MOVEit bugs

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

Phoenix UEFI flaw puts long list of Intel chips in hot seat

That didn't take long: Replacement for SORBS spam blacklist arises ... sort of

GitHub Enterprise Server patches 10-outta-10 critical hole

Critical Fluent Bit bug affects all major cloud providers, say researchers

Researchers call out QNAP for dragging its heels on patch development

NCSC CTO: Broken market must be fixed to usher in new tech

Patch up – 4 critical bugs in ArubaOS lead to remote code execution

Federal frenzy to patch gaping GitLab account takeover hole

Open source programming language R patches gnarly arbitrary code exec flaw

Exploit code for Palo Alto Networks zero-day now public

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

Delinea Secret Server customers should apply latest patches

Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib

Hotel check-in terminal bug spews out access codes for guest rooms

Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

Some 300,000 IPs vulnerable to this Loop DoS attack

3 million doors open to uninvited guests in keycard exploit

JetBrains TeamCity under attack by ransomware thugs after disclosure mess

Apple's trademark tight lips extend to new iPhone, iPad zero-days

Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure'

Zoom stomps critical privilege escalation bug plus 6 other flaws

QNAP vulnerability disclosure ends up an utter shambles

Ivanti discloses fifth vulnerability, doesn't credit researchers who found it

Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

Raspberry Robin devs are buying exploits for faster attacks