#security-vulnerability

[ follow ]
#cybersecurity
Web frameworks
fromThe Hacker News
2 months ago

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
Information security
fromZDNET
2 days ago

Is your Asus router part of a botnet? How to check - and what you can do

Asus routers faced a significant security breach, impacting thousands as cybercriminals exploited vulnerabilities and established persistent backdoors.
fromZDNET
1 month ago
Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

Web frameworks
fromThe Hacker News
2 months ago

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
Information security
fromZDNET
2 days ago

Is your Asus router part of a botnet? How to check - and what you can do

Asus routers faced a significant security breach, impacting thousands as cybercriminals exploited vulnerabilities and established persistent backdoors.
fromZDNET
1 month ago
Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

more#cybersecurity
fromTechzine Global
5 days ago

Exploit details of serious Cisco IOS XE vulnerability now public

Cisco disclosed a critical vulnerability in IOS XE software for Wireless LAN Controllers that enables unauthenticated attackers to upload files and execute commands with root privileges.
Information security
fromTheregister
2 weeks ago

OpenPGP.js bug enables encrypted message spoofing

The vulnerability discovered in OpenPGP.js enables spoofing of both signed and encrypted messages, undermining the purpose of public key cryptography.
Privacy professionals
#remote-code-execution
Information security
fromSecuritymagazine
1 month ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.
Information security
fromSecuritymagazine
1 month ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.
more#remote-code-execution
#nextjs
Information security
fromInfoWorld
2 months ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
Information security
fromInfoWorld
2 months ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
more#nextjs
Apple
fromCreative Bloq
2 months ago

Apple issues urgent warning - update your iPhone now to stay safe

iPhone users must update to iOS 18.3.3 to avoid security risks associated with iOS 18.3.2.
Privacy technologies
fromTechCrunch
3 months ago

Exclusive: Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people

A security vulnerability in Cocospy and Spyic apps exposes personal data of millions unknowingly monitored users.
Sensitive personal data can be accessed due to flaws in phone-monitoring spyware.
fromThe Hacker News
5 months ago

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

An attacker can pollute the legitimate image by providing a package list that causes the hash collision, enabling exploitation of the ASU feature.
Information security
Information security
fromThe Hacker News
10 months ago

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A vulnerability named ConfusedFunction allows attackers to escalate privileges in Google Cloud Functions and access unauthorized data.
Google has updated Cloud Build to prevent misuse post-responsible disclosure.
[ Load more ]