Two exploits are threatening Secure Boot, but Microsoft is only patching one of them
The security standard keeps on failing, spectacularly
Vulnerability articles
Intel releases patches to fix security vulnerabilities in its CPUs, GPUs, and gaming software
Severity levels of the now-fixed issues were rated between medium and high
European Union public vulnerability database enters beta phase
Europe has a backup plan in case the CVE system tanks
Google research exposes ongoing global risk from zero-day vulnerabilities
Traditional targets are becoming more secure, while government-backed hackers are feasting
Researchers find numerous Apple AirPlay vulnerabilities allowing "wormable" exploits over Wi-Fi
Apple already issued patches, so be sure to update your systems immediately
In brief: Security researchers have uncovered a wide-ranging set of vulnerabilities in Apple's AirPlay protocol that could allow attackers to hijack Apple and third-party devices remotely without user interaction. The exploit chain, dubbed "AirBorne," includes 23 individual bugs – 17 with official CVEs – and enables zero-click remote code execution on vulnerable systems.
The US almost let the CVE system die - the cybersecurity world's universal bug tracker
A last-minute funding extension saved the system–but only for 11 months
New approach from DeepMind partitions LLMs to mitigate prompt injection
Secure interpreter tracks data flow to block unsafe actions triggered by manipulated text
Microsoft's latest Windows security update creates an empty folder you should not delete
It's unclear how an empty folder helps prevent security flaws
AMD confirms Zen 5 silicon is also vulnerable to "EntrySign" BIOS microcode bug
A delay in acknowledgment, but at least the fix is out
Oracle buried serious data breach from customers, now hacker has it up for sale
Company remains quiet since denying the attack, even after researchers conclude the breach is real
Federal agents confirm LastPass breach linked to massive cryptocurrency heists
The LastPass breach is tied to a $150 million crypto theft
Google researchers uncover critical security flaw in all AMD Zen processors
Google has released an open-source jailbreak toolkit to deploy custom microcode patches on vulnerable CPUs
Researchers uncover hidden 'backdoor' in widely used ESP32 microchip
Over a billion devices worldwide contain this chip
Google calls for industry-wide memory safety standards to enhance software security
Mountain View issues a call to arms against memory buffer issues
US cyber defense agency urges developers to eliminate buffer overflow vulnerabilities
"Secure by design" is the new way forward
Apple patches actively exploited zero-day vulnerability on iOS devices
The release also introduces new features powered by Apple Intelligence
AMD confirms microcode vulnerability revealed in beta BIOS update
Thankfully, there is a high bar for exploitation
Subaru vulnerability exposed millions of cars to remote hacking and tracking
"You can retrieve at least a year's worth of location history for the car, where it's pinged precisely"
iPhone USB-C is hackable, but users don't need to worry yet
Code execution, electromagnetic fault injection, and firmware dumping are possible
D-Link won't patch its older VPN routers, leaving critical vulnerability unaddressed
Instead, it is offering a 20% discount on a newer model
A hot potato: D-Link is strongly recommending that users of its older VPN routers replace the devices following the discovery of a serious remote code execution (RCE) vulnerability. As the models have reached their end of life and end of support dates, they won't be patched to protect against the flaw.
D-Link will not fix a critical vulnerability in discontinued NAS devices
A security risk for thousands of internet-connected devices
New attack methods work against Spectre mitigations in modern PC CPUs
Speculation barriers don't work as intended
Facepalm: Spectre-based flaws are still causing some security issues in recent Intel and AMD CPUs. A newly developed attack can bypass protection "barriers" OEMs added to avoid personal data leakage. However, microcode and system updates should already be available for affected systems.
Security expert uncovers widespread vulnerabilities in US voting and government systems
Hackers can manipulate court records and voter databases, researcher reveals
PKfail security flaw is far more extensive than initially thought
Facepalm: Binarly analysts have issued a new warning just a couple of months after unveiling a security issue related to compromised platform keys used to enforce Secure Boot protection. The PKfail problem affects a significantly larger pool of devices and brands, and is not limited to firmware products developed by AMI.
Major TSA security flaw exposed, simple SQL vulnerability could have allowed access to airplane cockpits
An attacker could have added fake pilots to the roster using SQL injection