Patch now: 1,300 Harbor cloud registries open to attack
Have you heard that a critical privilege escalation vulnerability has been found in Harbor open-source registry software? Learn more:
Are you a phpMyAdmin user? A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. Learn more:
Are you a Chromebook user? Google has discovered a serious flaw in a Chromebook security feature which allows owners to press their device’s power button to initiate U2F two-factor authentication (2FA). Learn more:
Are you a Chromebook user? If so, make sure you have updated to Chrome OS 75 or later to receive a fix for a vulnerability in a "built-in security key" feature. Learn more:
A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention. Learn more about the flaw and how to protect your servers:
Are you an Exim user? Have you heard that Exim has been impacted by its second major bug this summer? Learn more:
A security flaw in Google Chrome allows an attacker to eventually take control of a vulnerable host, and Google recommends that users deploy a patch as soon as possible. All versions of the browser are affected, including Google Chrome for Linux. Learn more:
Are you a Google Chrome user? If so, have you heard about the system-controlling Chrome bug in Blink? Get the details:
Have you heard that the Red Hat Enterprise Linux 6 and CentOS 6 GNU/Linux operating systems have received an important Linux kernel security update that addresses several critical vulnerabilities and fixes various bugs? Learn more about this update:
Neglecting basic security practices exposes companies to long-standing security threats. Learn what you can do to mitigate the risk that security vulnerabilities pose to your business:
Are you an Apache Struts user who follows security advisories? If so, they may be giving you a false sense of security.
Have you heard that Netflix has identified several denial of service (DoS) flaws in numerous implementations of HTTP/2, a popular network protocol that underpins large parts of the web? Exploiting them could make servers grind to a halt. These vulnerabilities affect various Linux distributions and open-source vendors and projects. Learn the details in this article:
All major BIOS vendors, along with the likes of AMD, Nvidia, Intel, Huawei, and many others, are offering drivers that have serious security issues. A new report, called Screwed Drivers, from Eclypsium, revealed the worrying extent of the problem.
The feature that a researcher discovered could be used to execute malicious code had no actual use case.
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while.
The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling a video surveillance system containing severe security vulnerabilities to U.S. federal and state government agencies.
Security researchers have uncovered a security flaw in a popular home security camera which permits remote spying without any form of authentication.
Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and medical equipment. Many of the flaws allow attackers to take over devices remotely by just sending network packets, which makes them particularly dangerous.
There has been a lot of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC. Despite being labelled as "critical", VLC's developers, VideoLAN, denied there was a problem at all.