Zyxel silently patches command injection vulnerability with 9.8 severity rating
Flaw makes it possible to install web shell to maintain control of affected devices. Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability.....»»
1Password 8 for Mac flaw allows attackers to steal credentials, here’s how to patch it
1Password has shared that its software for Mac has a vulnerability that exposes users to a potentially serious threat. Along with attackers being able to compromise credentials, the flaw can give bad actors access to your account unlock key......»»
This new patch might finally fix the issues with Intel CPUs
Intel's partners are beginning to release microcode patches that might fix the problems with 13th- and 14th-gen processors......»»
Prompt injection attack on Apple Intelligence reveals a flaw, but is easy to fix
A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited. However, the issue would be very easy for the company to fix, so.....»»
Endor Labs launches Upgrade Impact Analysis and Magic Patches for SCA market
Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches, that fix an expensive and time-consuming problem in the Software Composition Analysis (SCA) market. Software version upgrades are often required to fix critical vu.....»»
Apple has closed an ancient macOS Safari security hole
Apple is fixing a vulnerability in Safari for macOS, that seems to date back to the dawn of Intel Macs. The Defcon hacking conference is taking place from August 8 to August 11 in Las Vegas, which hosts talks about newly discov.....»»
Most existing heat wave indices fail to capture heat wave severity, experts report
Even though climate change is bringing more frequent and severe heat waves, there is no standard, global way to measure heat-wave severity, and existing indices have different thresholds for defining dangerous heat-stress conditions......»»
Study revisits Texas seismic activity occurring before 2017, confirming connection to wastewater injection
There's an important dividing line in the history of recent Texas earthquakes—those occurring before and after 2017, when the establishment of the Texas Seismological Network (TexNet) introduced the ability to monitor seismic events to much lower m.....»»
Rapid7 releases Command Platform, unified attack defense and response
Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to clo.....»»
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is.....»»
Nucleus Vulnerability Intelligence Platform enhances threat assessment and remediation speed
Nucleus Security has launched its Nucleus Vulnerability Intelligence Platform. The platform enables enterprises to aggregate, analyze, and act on insights from government, open-source, and premium threat intelligence feeds while reducing manual effort, a.....»»
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner.....»»
The New Gods of Weather Can Make Rain on Demand—or So They Want You to Believe
In a gold-trimmed command center on the outskirts of Abu Dhabi, scientists are seeking to wring moisture from desert skies. But will all their extravagant cloud-seeding tech—planes that sprinkle nanomaterials, lasers that scramble the atmosphere—.....»»
Hackers exploit VMware vulnerability that gives them hypervisor admin
Create new group called "ESX Admins" and ESXi automatically gives it admin rights. Microsoft is urging users of VMware’s ESXi hypervisor to take immediate action to ward off ongoing attac.....»»
Timber plantations near urbanized areas support the movement of small and medium-sized terrestrial mammals
In the fight to mitigate climate change and deforestation in the tropics, timber plantations have emerged as a promising strategy for reforesting degraded land and connecting patches of natural forest. Often, these are species with commercial value f.....»»
Avocado genome assembled: Uncovering disease resistance and fatty acid secrets
The avocado, celebrated for its nutritious unsaturated fats and distinctive flavor, encounters notable agricultural challenges, particularly its vulnerability to diseases that can drastically reduce fruit quality and yield......»»
Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cyber Infrastructure Acronis is a privately held Swiss cybersecurity and data protection technology comp.....»»
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for.....»»
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. A.....»»
Fruit fly post-mating behavior controlled by male-derived peptide via command neurons, finds study
Scientists have succeeded in pinpointing the neurons within a female fruit fly's brain that respond to signals from the male during mating......»»
Vulnerability in Telegram app for Android allows sending malicious files disguised as videos
ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit appears on Telegram (source:.....»»