Here you will find all the articles with the tag: vulnerability.
Apple recently patched two zero-day vulnerabilities in iOS, iPadOS and macOS that allow cybercriminals to hack virtually any Apple device. These are WebKit and kernel vulnerabilities discovered by third parties. The discovered zero-day vulnerabilities may already be actively exploited, Apple ind... Read more
1 month ago
The KeePass team, which created the popular open-source password management software, is disputing a recent discovery of a vulnerability in their software. According to the vulerability report it's possible to steal passwords by exploiting it. KeePass helps users store their passwords in a loca... Read more
2 months ago
Researchers at Trellix said they have patched nearly 62,000 open-source projects susceptible to a 15-year-old path traversal vulnerability in the Python ecosystem. The bug, tracked under CVE-2007-4559, was discovered by Trellix's team in Python’s tarfile module late last year. It was first rep... Read more
2 months ago
Cisco alerted that several routers in its Small Business series contain vulnerabilities that could provide remote access to cybercriminals. The models have reached end-of-life status, meaning no patches are available. Cisco stated that the vulnerabilities affect its RV016, RV042, RV042G and RV08... Read more
2 months ago
The JFrog Security Research team has discovered and disclosed multiple DoS (Denial of Service) vulnerabilities in popular Rust projects such as Axum, Salvo and conduit-hyper. In a recent blog post, JFrog says that all vulnerabilities stem from the same root cause, namely developers failing to se... Read more
3 months ago
New Linux-based malware uses 30 vulnerabilities in WordPress plugins to inject malicious JavaScript. Antivirus vendor Dr. Web reports that the malware comes in two variants capable of attacking Linux-based WordPress sites by exploiting outdated plugins. The first variant found, Linux.BackDoor.Wo... Read more
3 months ago
Researchers have identified a Windows code execution vulnerability that has the potential to rival EternalBlue, a Windows security issue used to ignite WannaCry, which took down computer networks around the world in 2017. The newly discovered vulnerability is listed as CVE-2022-37958. It allows ... Read more
3 months ago
The phaseout of Google’s Manifest V2 Chrome extension framework has been delayed. The framework was supposed to be discontinued in 2023. The tech giant announced the phaseout of Manifest V2 in 2021. Manifest V2 is a framework for capabilities and permissions that introduced more stringent rule... Read more
3 months ago
Hackers are using BYOF (bring your own filesystem) attacks to abuse the open-source Linux PRoot utility and develop a consistent source of harmful tools compatible with Linux devices. A BYOF attack involves a threat actor building a malicious file system on their devices that includes a typical ... Read more
4 months ago
A critical vulnerability in MegaRAC BMC allows unauthorized attackers to execute code on servers. MegaRAC BMC is one of the world's most popular server management solutions. On-premises datacenter operators and cloud providers use MegaRAC BMC to remotely manage servers. The technology is incorp... Read more
4 months ago
