Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
Western Digital responds to claims that SanDisk SSD failures have design flaw
SanDisk's parent company has been facing lawsuits over several failed SSDs. Now, researchers have discovered that the issue is not in the firmware......»»
Intel fixes high-severity CPU bug that causes “very strange behavior”
Among other things, bug allows code running inside a VM to crash hypervisors. Intel on Tuesday pushed microcode updates to fix a high-severity CPU bug that has the potential to be maliciously exploited against c.....»»
Review: Steam Deck OLED’s brilliant screen fixes the portable’s biggest flaw
New upgrade packs plenty of quality-of-life improvements but no power boost. When the Steam Deck first launched, our extensive review specificall.....»»
SanDisk SSDs may have been failing due to a fundamental design flaw
SanDisk's parent company has been facing lawsuits over several failed SSDs. Now, researchers have discovered that the issue is not in the firmware......»»
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-da.....»»
Open-source vulnerability disclosure: Exploitable weak spots
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “.....»»
How a "Foveated" display boosts Apple Vision Pro headset refresh rates
Apple Vision Pro and later headsets can offer high refresh rates in their screens, Apple proposes, by using a 'foveated display' to optimize rendering to focus only where the user is actively looking. One of the key elements of.....»»
Looney Tunables bug exploited for cryptojacking
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that h.....»»
Okta breach post mortem reveals weaknesses exploited by attackers
The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified t.....»»
Week in review: Exploited Citrix Bleed vulnerability, Atlassian patches critical Confluence bug
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: AI threat landscape: Model theft and inference attacks emerge as top concerns In this Help Net Security interview, Guy Guzner, CEO at Savvy, discuss.....»»
Atlassian Confluence data-wiping vulnerability exploited
Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP add.....»»
For a $1,700 folding phone, the OnePlus Open has one big flaw
OnePlus recently released its first foldable, the OnePlus Open. While it's a pretty great device, there is one big flaw with the design......»»
How the world might look if animals had legal rights
Let's picture what our societies might look like if animals were granted rights against being killed, made to suffer or exploited for human gain......»»
iLeakage flaw could force iPhones and Macs to divulge passwords and more
A vulnerability in A-series and M-series chips could force iPhones, Macs, and iPads to divulge passwords and other sensitive information to an attacker. Security researchers have dubbed the flaw – which affects Safari on the Mac, and any browser on.....»»
iOS 17.1 patches these 18 security flaws
Apple has launched its first major update for all users since debuting iOS 17 in September. iOS 17.1 comes with a range of security patches and none of them were identified as exploited in the wild ahead of the fixes......»»
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)
The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitatio.....»»
VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)
VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE.....»»
Citrix urges users to patch immediately after serious bug discovered
A critical flaw was found affecting a couple of Citrix products and a proof-of-concept is already available......»»
The latest high-severity Citrix vulnerability under attack isn’t easy to fix
If you run a Netscaler ADC or Gateway, assume it's compromised and take action ... fast. A critical vulnerability that hackers have exploited since August, which allows them to bypass multi.....»»
Patch WinRAR now - it's got a major security flaw
Chinese and Russian criminals are using WinRAR to target victims and deliver infostealers, so patch now......»»