vulnerability

Speculative attacks continue to find loopholes even in modern processors. It's been more than six years since the legendary Spectre vulnerability was discovered, however, the latest AMD and Intel CPUs are still susceptible to speculative execution attacks. This is the conclusion reached by...

What is behind the attempted attack on the Trump and Harris campaigns. Chinese hackers tried to access data on the phones of former US President Donald Trump and his campaign partner J.D. Vance, as well as people associated with the campaign of Vice President Kamala Harris. This is reported by...

Talking Traffic is a system that will solve the problem or put entire provinces at risk. A serious vulnerability has been discovered in the Netherlands in a traffic light management system that allows attackers to remotely control signals at thousands of intersections across the country. This...

A vulnerability (CVE-2024-47191) has been identified in the pam_oath PAM module, which is part of the oath-toolkit package and is used for two-factor authentication using one-time passwords (OTP), which allows an unprivileged user to gain root access in the system. The pam_oath module is...

Attackers disguise commands in email messages. Cybersecurity experts are calling for immediate updates to Zimbra's email servers, as a new critical vulnerability is already being actively exploited by hackers. The vulnerability with the identifier CVE-2024-45519 was discovered on September 27...

The protocol was attacked again due to a bug in Compound Finance v2. On September 26, the decentralized finance (DeFi) protocol Onyx was attacked, as a result of which attackers managed to steal assets worth $3.8 million. Information about the incident was published by the blockchain security...

The project promises compensation after the leakage of funds. The Bedrock team has announced the identification of a vulnerability related to the uniBTC token, which affected funds worth about $2 million. Most of the losses affected liquidity pools on decentralized exchanges (DEXs LPs). Despite...

A fix for a vulnerability in the libnv library, released in early September, identified a logical error that prevented the vulnerability from being properly addressed and the system remained vulnerable to attack. The libnv library is developed by the FreeBSD project and is used in the kernel and...

Experts warn of a critical vulnerability affecting all GNU/Linux systems. If exploited, an unauthenticated attacker can execute the code remotely. Apparently, the problem has existed for more than a decade, and in two weeks, the researchers promise to publish technical details. Interestingly...

PatchStack researchers have revealed details of critical security flaws. Two vulnerabilities have been discovered in the Houzez WordPress theme, as well as in the associated Login Register plugin, threatening the security of more than 46,000 websites. Researchers from PatchStack found that...

Aqua Nautilus cites 28,000 reasons for concern in its report. There is an alarming trend in the field of cybersecurity: the number of vulnerabilities identified is breaking all records. According to the National Database (NVD), 28,821 security breaches were reported in 2023. Even more alarming...

The identified flaw received the highest possible CVSS score. GitLab has released updates to address a critical vulnerability in its Community Edition (CE) and Enterprise Edition (EE) editions that could lead to authentication bypass. The issue is related to the ruby-saml library (...

How could the leading software vendors have made such a gross miscalculation? SolarWinds has released updates to address two vulnerabilities in its Access Rights Manager (ARM) software, one of which is classified as critical. The vulnerability, identified CVE-2024-28991, has a CVSS score of 9.0...

The problem has been known for 5 years, but experts began to sound the alarm only now. Akamai has detected a new wave of attacks on outdated security cameras from the Taiwanese manufacturer AVTECH. Attackers exploit a critical vulnerability in the AVM1203 model to spread malware from the Mirai...

Update your browser urgently to avoid cyberattacks. Google has announced the release of an update that closes the tenth zero-day vulnerability that was actively exploited by attackers or white hat hackers as part of the competition in 2024. CVE-2024-7965 (CVSS score: 8.8) is a bug in the...

Update as soon as possible if you don't want to share your data with hackers. On August 20, GitHub released updates to address three security vulnerabilities in its Enterprise Server product, including one critical issue that allowed attackers to gain site administrator privileges. The most...

The TCP / IP error propagates over IPv6 systems without user intervention. Microsoft has warned users about a critical TCP / IP vulnerability that allows remote code execution (RCE) on all Windows systems with IPv6 enabled by default. Vulnerability CVE-2024-38063 (CVSS score: 9.8) is...

Cobalt Strike and Pypykatz open the way to full control of the network. A recently fixed vulnerability in the VMware ESXi hypervisors is actively used by several ransomware groups to gain elevated rights and deploy malicious software that encrypts files. These attacks exploit the vulnerability...

Why is Meta slow to take measures to protect users? The latest version of WhatsApp for Windows hides a serious vulnerability. It allows attackers to send attachments with Python and PHP scripts that run without warning as soon as the recipient opens them. The problem is similar to the Telegram...

A massive supply chain problem affects 813 UEFI products. Binarly experts report that hundreds of UEFI products from 10 vendors are at risk of being hacked due to a critical PKfail vulnerability in the firmware supply chain that allows you to bypass Secure Boot and install malware. Vulnerable...