Tag: vulnerability

Here you will find all the articles with the tag: vulnerability.

Apple patches two dangerous zero-day vulnerabilities

Apple recently patched two zero-day vulnerabilities in iOS, iPadOS and macOS that allow cybercriminals to hack virtually any Apple device. These are WebKit and kernel vulnerabilities discovered by third parties. The discovered zero-day vulnerabilities may already be actively exploited, Apple ind... Read more

Date: 1 month ago

15-year-old Python bug puts 350,000 open-source projects at risk

Researchers at Trellix said they have patched nearly 62,000 open-source projects susceptible to a 15-year-old path traversal vulnerability in the Python ecosystem. The bug, tracked under CVE-2007-4559, was discovered by Trellix's team in Python’s tarfile module late last year. It was first rep... Read more

Date: 2 months ago

Researchers find DoS vulnerabilities in Rust Hyper

The JFrog Security Research team has discovered and disclosed multiple DoS (Denial of Service) vulnerabilities in popular Rust projects such as Axum, Salvo and conduit-hyper. In a recent blog post, JFrog says that all vulnerabilities stem from the same root cause, namely developers failing to se... Read more

Date: 3 months ago

Linux-based malware uses 30 WordPress exploits to inject JavaScript

New Linux-based malware uses 30 vulnerabilities in WordPress plugins to inject malicious JavaScript. Antivirus vendor Dr. Web reports that the malware comes in two variants capable of attacking Linux-based WordPress sites by exploiting outdated plugins. The first variant found, Linux.BackDoor.Wo... Read more

Date: 3 months ago

IBM discovers wormable vulnerability eerily similar to EternalBlue

Researchers have identified a Windows code execution vulnerability that has the potential to rival EternalBlue, a Windows security issue used to ignite WannaCry, which took down computer networks around the world in 2017. The newly discovered vulnerability is listed as CVE-2022-37958. It allows ... Read more

Date: 3 months ago

Google postpones Manifest V2 phaseout

The phaseout of Google’s Manifest V2 Chrome extension framework has been delayed. The framework was supposed to be discontinued in 2023. The tech giant announced the phaseout of Manifest V2 in 2021. Manifest V2 is a framework for capabilities and permissions that introduced more stringent rule... Read more

Date: 3 months ago

Hackers hijack Linux devices using PRoot-isolated file systems

Hackers are using BYOF (bring your own filesystem) attacks to abuse the open-source Linux PRoot utility and develop a consistent source of harmful tools compatible with Linux devices. A BYOF attack involves a threat actor building a malicious file system on their devices that includes a typical ... Read more

Date: 4 months ago

Critical vulnerability in server management solution MegaRAC BMC

A critical vulnerability in MegaRAC BMC allows unauthorized attackers to execute code on servers. MegaRAC BMC is one of the world's most popular server management solutions. On-premises datacenter operators and cloud providers use MegaRAC BMC to remotely manage servers. The technology is incorp... Read more

Date: 4 months ago