Researchers demo decades-old backdoors in encrypted radio systems used by police
Vendors have known of these vulnerabilities since the 90s but never said a word
Vulnerability articles
"Zenbleed" vulnerability puts AMD Ryzen users at risk of data theft
Zen 2 users could have their passwords and encryption keys stolen
Update your firmware immediately if you own one of these 19 Asus routers
Vulnerabilities could enable remote code execution and denial of service attacks
Thousands left vulnerable after severe weakness is discovered in home security system's mobile app
The bug was quickly fixed but calls into question the security of smart home mobile apps
Barracuda Networks has disclosed that hackers have been actively exploiting a severe zero-day for 8 months
Bad actors created backdoors into an undisclosed number of networks
Google reveals bug bounty program for its own Android apps like Chrome, Gmail and the search widget
The company paid $12 million to security researchers in 2022
Apple urges users to upgrade their devices immediately to patch three 'active' zero day exploits
The security patch was deployed using Apple's new Rapid Security Response automatic update system
Microsoft releases optional fix for actively exploited Secure Boot vulnerability
Why it matters: Microsoft has issued guidance for fixing a serious Secure Boot vulnerability that affects all Windows systems and is actively being exploited in the wild. Normally, this kind of issue would be patched via monthly servicing updates but the Redmond company has chosen a phased approach to reduce the risk of you or your organization ending up with devices that won't boot. The fix will require some manual steps for now, but will be applied automatically on all supported Windows systems starting next year.
Researchers discover new side-channel attack that works against Intel CPUs
The Swiss cheese of Chipzilla has more holes than we thought
HP prepping firmware update to fix critical security vulnerability in LaserJet printers
The bug could allow hackers to remotely access sensitive information
In a nutshell: Dozens of HP printers are vulnerable to a security issue that could potentially allow attackers to access sensitive information. The company is aware of the problem and is working on an update that will be rolled out later this year. In the meantime, HP is suggesting that users downgrade the firmware version of the affected models as a temporary workaround to mitigate the issue.
Researchers find severe vulnerabilities in garage door openers and other smart devices
The Department of Homeland Security advises users to change equipment immediately
Hackers put the triple whammy on a Tesla Model 3, remotely accessing several features
Tesla called the exploits "annoying" but not serious
You should update your Netgear Orbi router now and check for more patches soon
The latest firmware fixes three recent exploits, but a fourth remains unresolved
Google advises Android users to take action after finding 18 zero-day vulnerabilities in popular phones
All an attacker needs is the target's phone number
Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years (Update: fix coming)
PSA: Hackers can steal your username and password for a website using an embedded iframe. It's a weakness for all password managers, and most have addressed the flaw in various ways, including issuing warnings when users are on a login page with an iframe or not trusting subdomains. Bitwarden is the sole exception, having determined in 2018 that the threat was not significant enough to address.
Microsoft's Patch Tuesday for March 2023 provides security fixes for 83 bugs, 2 zero-day flaws
Russian hackers have been hard at work exploiting the latest Outlook zero-day flaws
Valve left a security flaw in Dota 2 for two years until someone tried to exploit it
An outdated build of the V8 JavaScript engine put players at risk
CryptoAPI bug makes 99% of Windows servers vulnerable
The newly released PoC code can exploit a flaw that was already patched in August
Researchers find serious vulnerabilities in cars and emergency vehicles, including BMW, Mercedes, Honda, Nissan, more
Attackers could have taken over fleets of police cars and ambulances
You should probably update your Netgear router ASAP
Two dozen security alerts in one day affecting many routers, range extenders, and Wi-Fi systems
Another critical, EternalBlue-like vulnerability threatens Windows machines worldwide
"Wormable" flaw could unleash the same chaos the world saw with WannaCry
Apple iOS 16.2, macOS 13.1, and concurrent updates include many security and feature updates
Apple introduces Freeform collaboration app, Apple Music karaoke, enhanced end-to-end iCloud encryption, and more
Hackers find a way to access your personal information and steal your car at the same time
All they need is your VIN, which is visible through your windshield
Google reports on a company selling spyware for Chrome, Firefox, and Windows Defender
Another company similar to RCS Labs and NSO Group
Security experts urge Chrome users to patch new zero-day exploit immediately
The finding marks the popular browser's 8th zero-day exploit of 2022