CVE-2024-10924: vulnerability on around four million sites
A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.
Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.
A vulnerability in Kia’s web portal made it possible to hack cars and track their owners. All you needed was the car’s VIN number or just its license plate number.
Recent research describes a method for snooping on what Apple Vision Pro users enter on the virtual keyboard.
Researchers have discovered several potential attack vectors targeting bicycles fitted with the Shimano Di2 wireless gear-shifting system.
Windows Downdate is an attack that can roll back updates to your OS to reintroduce vulnerabilities and allow attackers to take full control of your system. How to mitigate the risk?
How to protect the less obvious parts of your IT infrastructure (and from what) — from printers and video surveillance kit to insulin pumps.
A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer — the browser that Microsoft supposedly laid to rest over a year ago.
Someone is targeting security experts using an archive that allegedly contains an exploit for the regreSSHion vulnerability.
The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.
A new vulnerability allows remote attackers to gain root privileges on Linux servers. How easy is it to exploit CVE-2024-6387, and how can it be prevented?
Based on our analysis of ZKTeco vulnerabilities, we dissect the risks associated with biometric authentication.
Today we discuss which services and applications should be patched first, and what attackers are focusing on.
Kaspersky ICS-CERT experts have discovered several critical vulnerabilities in Telit Cinterion M2M modems, which are used in millions of devices.
A backdoor implanted into XZ Utils has found its way into popular Linux distributions.
We review a recent research paper highlighting a major hardware vulnerability in Apple M1, M2, and M3 CPUs.
Commercial spyware — what it is, how it infiltrates devices, what it can do once inside, and how to defend against it.
Our experts found that a popular children’s toy robot contained vulnerabilities allowing malicious actors to make video calls to it, steal the parental account, and modify the firmware.
The KeyTrap DoS attack can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.