#security-vulnerabilities

[ follow ]
fromThe Verge
1 day ago

DJI couldn't confirm or deny it disguised this drone to evade a US ban

Security researchers discovered that the SkyRover X1 not only shares specs and features with DJI drones but also utilizes DJI's online infrastructure. This included connections to multiple DJI accounts, with one hacker logging in using their DJI credentials.
Gadgets
fromsfist.com
3 days ago

Sam Altman Warns of Coming AI-Created 'Fraud Crisis'

I am very nervous that we have an impending, significant, impending fraud crisis. A thing that terrifies me is apparently there are still some financial institutions that will accept a voice print as authentication for you to move a lot of money.
Privacy professionals
fromTheregister
1 week ago

Curl creator mulls nixing bug bounty awards to stop AI slop

The general trend so far in 2025 has been way more AI slop than ever before (about 20 percent of all submissions) as we have averaged about two security report submissions per week.
Software development
#bitchat
fromTechCrunch
2 weeks ago
Privacy technologies

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch

fromTechCrunch
2 weeks ago
Privacy technologies

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch

more#bitchat
#cybersecurity
Information security
fromThe Hacker News
5 months ago

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Xerox VersaLink printers have serious security vulnerabilities that can lead to credential theft.
The vulnerabilities can allow attackers to redirect authentication information to rogue servers.
Effective exploitation of these vulnerabilities requires specific conditions, including access to MFP configuration and user address books.
Information security
fromTheregister
3 months ago

CISA warns of new malware targeting Ivanti flaw

Ivanti products face a new malware threat called Resurge, exploiting a critical vulnerability. Immediate action is required to protect systems.
Information security
fromThe Hacker News
9 months ago

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Multiple vulnerabilities in MMS protocol can severely impact industrial environments, allowing potential crashes and remote code execution.
Information security
fromThe Hacker News
5 months ago

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Xerox VersaLink printers have serious security vulnerabilities that can lead to credential theft.
The vulnerabilities can allow attackers to redirect authentication information to rogue servers.
Effective exploitation of these vulnerabilities requires specific conditions, including access to MFP configuration and user address books.
Information security
fromTheregister
3 months ago

CISA warns of new malware targeting Ivanti flaw

Ivanti products face a new malware threat called Resurge, exploiting a critical vulnerability. Immediate action is required to protect systems.
Information security
fromThe Hacker News
9 months ago

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Multiple vulnerabilities in MMS protocol can severely impact industrial environments, allowing potential crashes and remote code execution.
more#cybersecurity
fromTheregister
1 month ago

Sitecore fixes pre-auth RCE exploits in enterprise CMS

This is sadly not a joke. The hardcoded password 'b' is a significant vulnerability that poses a risk across multiple organizations using Sitecore.
Privacy technologies
#linux
fromITPro
3 months ago
Privacy technologies

Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions

fromITPro
3 months ago
Privacy technologies

Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions

more#linux
fromThe Cyber Express
2 months ago

Multer Vulnerabilities Expose Node.js Apps To DoS Attacks

The high-severity vulnerabilities in Multer allow attackers to cause a Denial of Service (DoS) by sending malformed multi-part upload requests, crashing Node.js applications.
Node JS
Tech industry
fromTheregister
2 months ago

Intel data-leaking Spectre defenses scared off once again

ETH Zurich researchers developed a method to bypass Intel's protections against Spectre vulnerabilities, highlighting ongoing security concerns.
fromInfoQ
2 months ago

Spring News Roundup: RCs of Spring Boot, Data, Security, Auth, Session, Integration, Web Services

The first release candidate of Spring Boot 3.5.0 introduces significant bug fixes, dependency upgrades, and new annotations to enhance servlet and filter registration.
Web frameworks
#data-protection
Information security
fromDevOps.com
6 months ago

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Enterprise software development environments are critically vulnerable, as all organizations face high security risks.
Traditional application security approaches are ineffective against modern threats, leaving organizations exposed.
Information security
fromDevOps.com
6 months ago

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Enterprise software development environments are critically vulnerable, as all organizations face high security risks.
Traditional application security approaches are ineffective against modern threats, leaving organizations exposed.
more#data-protection
London startup
fromDeveloper Tech News
3 months ago

Security flaws hit PyTorch Lightning deep learning framework

PyTorch Lightning has critical security flaws due to deserialisation vulnerabilities, potentially allowing arbitrary code execution from untrusted model files.
Gadgets
fromwww.theguardian.com
3 months ago

Hyundai facing legal action over car that can be stolen effortlessly in seconds'

Hyundai is facing lawsuits for not warning customers about easy thefts of its electric cars.
Roam Research
fromSecuritymagazine
3 months ago

27,000 records in Australian fintech database were exposed

An exposed Amazon S3 database for Vroom by YouX contained sensitive records, highlighting severe security risks associated with unprotected data.
#kubernetes
more#kubernetes
Privacy technologies
fromTechRepublic
4 months ago

Billions of Devices at Risk of Hacking Due to Hidden Commands

Undocumented commands in the ESP32 Bluetooth chip pose serious security risks, enabling potential impersonation and memory manipulation.
Web development
fromSmashing Magazine
5 months ago

How OWASP Helps You Secure Your Full-Stack Web Applications - Smashing Magazine

The OWASP vulnerabilities list is essential for web developers to establish security measures against common threats.
fromTheregister
6 months ago

MediaTek says 'Happy New Year' with critical RCE, other bugs

MediaTek disclosed a critical remote code execution vulnerability affecting 51 chipsets, which could lead to serious security risks if exploited.
Information security
Information security
fromTechCrunch
9 months ago

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.
[ Load more ]