New 7-Zip security flaw could put hundreds of millions of systems at risk
The situation is bad, but a software update is already available
Vulnerability articles
Google accidentally published a four-year-old Chromium security bug, then tried to hide it again
Discovered in 2022 and rated high priority, it still hasn't been fixed
Facepalm: The open-source Chromium project provides the foundation for Google Chrome and many other popular web browsers like Microsoft Edge, Opera, and Brave. When a serious security flaw is discovered in the shared codebase, it can quickly become a widespread threat affecting millions of devices across multiple computing platforms.
A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it
YellowKey exploit bypasses BitLocker full volume encryption via USB stick and WinRE
Newly disclosed "Dirty Frag" vulnerability left Linux exposed for nearly a decade
Another massive support headache for the Linux world
Facepalm: The open-source community is once again facing a major security incident tied to an "unprecedented" vulnerability. The new flaw could give attackers a reliable way to escalate user privileges, and no patch is available yet. Fortunately, the mitigation process is relatively straightforward. Still, kernel developers are already growing frustrated with the seemingly endless stream of critical bugs.
"Copy Fail" is a rare Linux bug that can turn an unprivileged user into a root admin in seconds
Affects virtually every Linux distro released in the past nine years, and working exploits were on GitHub within 24 hours
Facepalm: Security researchers recently unveiled "Copy Fail," a bug that could potentially bring the entire Linux ecosystem to a screeching halt. The flaw can be reliably exploited across all Linux-based systems, both on local machines and in cloud environments. Vendors are now scrambling to patch the issue.
Researchers warn Microsoft Defender vulnerability is already being exploited
The "Red Sun" flaw can overwrite system files and grant elevated access through Defender's file handling behavior
New Rowhammer attack can grant kernel-level control on Nvidia workstation GPUs
ECC offers only limited protection
New "Zombie ZIP" attack can evade most antivirus scanners
However some experts argue the technique is not a true security flaw
Hackers are selling a critical Windows zero-day exploit for $220,000 on the dark web
Another day, another Windows zero-day being exploited in the wild
Mozilla says Claude AI uncovered over 100 Firefox bugs in just two weeks, including 14 high-severity flaws
Apparently AI can accelerate both attacks and defenses in computer security
Hackers can now track your car's location through tire pressure sensors
$100 DIY device can intercept TPMS data from 50 meters away
A developer accidentally gained control of more than 10,000 DJI devices
Vibe-coded remote control app revealed camera feeds, floor plans, and more from 24 countries
New study finds security gaps in Bitwarden, LastPass, and Dashlane
Zero-knowledge encryption doesn't fully protect popular password managers
OpenClaw (formerly Clawdbot) can manage your entire digital life, but it might leak your credentials
The assistant can browse the web, handle files, and even use your credit card
In brief: A new local AI assistant first popularized under the name "Clawdbot" is experiencing a surge in popularity because it fulfills many of the promises made by prior smart assistants and AI agents. However, its impressive range of capabilities requires full access to the user's device, files, and login credentials – and security researchers have found gaping vulnerabilities.
Patched WinRAR vulnerability remains a favorite tool for hackers and spies
When a dangerous n-day security vulnerability becomes a commodity
Critical vulnerability in React JS framework has a near 100% chance to be exploited
A "perfect ten" security flaw that requires immediate patching on web servers
FFmpeg thanks Google for the bug reporting, now asks where the funding is
Volunteer maintainers are struggling to keep pace with AI-generated bug reports
Europe fears Chinese EV buses on its roads could be shut down remotely
Officials warn OTA systems could be a potential vulnerability for remote shutdowns
Critical vulnerability in AMD Zen 5 CPUs could make encryption keys predictable
AMD is rolling out patches for some affected CPUs
OpenAI's ChatGPT Atlas is vulnerable to prompt injection attacks within the omnibox
No strict boundaries for untrusted user inputs mean a massive security flaw for agentic browsers
Which tech company launched the world's first bug bounty program?
Was is Mozilla, Google, Microsoft?
Seduction is the new spyware: US tech startups are now the target of "sex warfare"
The spy who shagged me?
Mail-order spies: Tech companies employ some of the most robust network security to protect against IP theft. However, no amount of network security protects against theft from within. While corporate espionage is largely digital these days, good old-fashioned infiltration is still in use. China and Russia increasingly use sexual honeypots to compromise employees and gain access to sensitive technology.
Microsoft blocks one-click IE Mode launch in Edge after browser exploits emerge
Researchers have already tracked malicious usage in the wild
Pixnapping attack lets malicious apps steal sensitive data from Android devices
The attack works, but requires a lot of "ifs" to properly achieve its goal
Two critical flaws put 7-Zip users at risk of remote code execution
Updated versions are available, but users need to manually install the latest release ASAP