#security-vulnerability

[ follow ]
#remote-code-execution
Information security
fromSecuritymagazine
3 months ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.
Web frameworks
fromThe Hacker News
4 months ago

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
Information security
fromSecuritymagazine
3 months ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.
Web frameworks
fromThe Hacker News
4 months ago

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
more#remote-code-execution
fromThe Hacker News
3 days ago

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

"CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS."
Information security
#cybersecurity
Information security
fromZDNET
1 month ago

Is your Asus router part of a botnet? How to check - and what you can do

Asus routers faced a significant security breach, impacting thousands as cybercriminals exploited vulnerabilities and established persistent backdoors.
fromZDNET
3 months ago
Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

Information security
fromZDNET
1 month ago

Is your Asus router part of a botnet? How to check - and what you can do

Asus routers faced a significant security breach, impacting thousands as cybercriminals exploited vulnerabilities and established persistent backdoors.
fromZDNET
3 months ago
Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

more#cybersecurity
#cisco
more#cisco
fromZDNET
3 weeks ago

Google Chrome hit by another serious security flaw - update your browser ASAP

The NIST page describes it as: "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page."
Privacy technologies
from6abc Philadelphia
1 month ago

2 of 4 detainees who escaped Delaney Hall immigration detention center back in custody: FBI Newark

According to authorities, the four detainees had escaped following what the city's mayor referred to as an 'uprising' at the facility.
NYC parents
fromTechzine Global
1 month ago

AMD releases security update for Ryzen CPUs with TPM vulnerability

The flaw in the CryptHmacSign function enables attackers to read unauthorized data from the TPM, raising security concerns despite AMD’s timely firmware update.
Privacy technologies
fromTheregister
2 months ago

OpenPGP.js bug enables encrypted message spoofing

The vulnerability discovered in OpenPGP.js enables spoofing of both signed and encrypted messages, undermining the purpose of public key cryptography.
Privacy professionals
#nextjs
Information security
fromInfoWorld
3 months ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
Information security
fromInfoWorld
3 months ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
more#nextjs
Apple
fromCreative Bloq
4 months ago

Apple issues urgent warning - update your iPhone now to stay safe

iPhone users must update to iOS 18.3.3 to avoid security risks associated with iOS 18.3.2.
Privacy technologies
fromTechCrunch
5 months ago

Exclusive: Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people

A security vulnerability in Cocospy and Spyic apps exposes personal data of millions unknowingly monitored users.
Sensitive personal data can be accessed due to flaws in phone-monitoring spyware.
fromThe Hacker News
7 months ago

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

An attacker can pollute the legitimate image by providing a package list that causes the hash collision, enabling exploitation of the ASU feature.
Information security
Information security
fromThe Hacker News
11 months ago

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A vulnerability named ConfusedFunction allows attackers to escalate privileges in Google Cloud Functions and access unauthorized data.
Google has updated Cloud Build to prevent misuse post-responsible disclosure.
[ Load more ]