#security-vulnerability

[ follow ]
fromTheregister
3 days ago

OpenPGP.js bug enables encrypted message spoofing

The vulnerability discovered in OpenPGP.js enables spoofing of both signed and encrypted messages, undermining the purpose of public key cryptography.
Privacy professionals
#remote-code-execution
Information security
fromSecuritymagazine
1 month ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.
Web frameworks
fromThe Hacker News
2 months ago

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
Information security
fromSecuritymagazine
1 month ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.
Web frameworks
fromThe Hacker News
2 months ago

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
more#remote-code-execution
#phishing
fromZDNET
1 month ago
Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

fromZDNET
1 month ago
Privacy professionals

That Google email look real? Don't click - it might be scam. Here's how to tell

more#phishing
#nextjs
Information security
fromInfoWorld
1 month ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
Information security
fromInfoWorld
1 month ago

Warning for developers, web admins: update Next.js to prevent exploit

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.
more#nextjs
Apple
fromCreative Bloq
2 months ago

Apple issues urgent warning - update your iPhone now to stay safe

iPhone users must update to iOS 18.3.3 to avoid security risks associated with iOS 18.3.2.
#privacy
Privacy technologies
fromTechCrunch
3 months ago

Exclusive: Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people

A security vulnerability in Cocospy and Spyic apps exposes personal data of millions unknowingly monitored users.
Sensitive personal data can be accessed due to flaws in phone-monitoring spyware.
Privacy technologies
fromTechCrunch
3 months ago

Exclusive: Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people

A security vulnerability in Cocospy and Spyic apps exposes personal data of millions unknowingly monitored users.
Sensitive personal data can be accessed due to flaws in phone-monitoring spyware.
more#privacy
fromThe Hacker News
5 months ago

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

An attacker can pollute the legitimate image by providing a package list that causes the hash collision, enabling exploitation of the ASU feature.
Information security
Information security
fromThe Hacker News
9 months ago

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A vulnerability named ConfusedFunction allows attackers to escalate privileges in Google Cloud Functions and access unauthorized data.
Google has updated Cloud Build to prevent misuse post-responsible disclosure.
[ Load more ]