Vulnerability articles
AMD reverses course, releases microcode update to fix Sinkclose flaw in Ryzen 3000 CPUs
CPUs from 2019 will be protected against the dangerous low-level vulnerability
Browsers are finally addressing 0.0.0.0 Day vulnerability
The vulnerability has persisted for nearly two decades
AMD's update strategy for the Sinkclose vulnerability leaves some processors unprotected
Some of the affected processors are relatively recent and still widely used
Researchers reveal "Sinkclose" vulnerability affecting nearly all AMD processors since 2006
What just happened? Security researchers at this year's Def Con have presented findings regarding a long-standing albeit recently discovered vulnerability in AMD processors called "Sinkclose." Though rather hard to exploit, the security flaw can potentially yield catastrophic results for any system unlucky enough to fall victim to it.
Ecovacs robot vacuums can be hijacked remotely to spy on you
Hacked machines can even propagate the attack to other nearby robots
Windows update flaw allows hackers to downgrade systems to vulnerable versions
Microsoft hasn't spotted an attack in the wild yet, but it will take time to develop a mitigation
What just happened? Another day, another security flaw discovered in Microsoft Windows. The latest arrives courtesy of research presented at the Black Hat security conference, which revealed a design flaw in the Windows Update architecture that allows critical OS components to be downgraded by manipulating the update process.
Sensitive data published through GitHub can be accessed even after being deleted
The service is working as intended, the company claims
Secure Boot rendered useless, over 200 PC models from different makers are affected
WTF?! If you thought your laptop, desktop, or server was protected by Secure Boot, think again. A new vulnerability dubbed "PKfail" has left Secure Boot wide open on hundreds of PC and devices across several major tech brands. Researchers at cybersecurity firm Binarly just dropped a bombshell report showing how a leaked cryptographic key has essentially nuked the security guarantees of Secure Boot for over 200 product models.
Samsung is rushing a critical patch to all Galaxy devices amid active exploitation
Millions of devices are vulnerable but a fix is coming soon
Microsoft Outlook users should update the client ASAP
Hackers can exploit Office vulnerability for remote access, fixed in latest update
These Linksys routers are likely transmitting cleartext passwords
Owners should change their SSID and password without using the Linksys app
New Intel CPU vulnerability discovered, no new mitigations planned for "Indirector"
Exploit is similar to Spectre but targets a different Intel security system
Microsoft releases patch to fix critical Wi-Fi flaw in Windows, Windows Server
The Wi-Fi vulnerability is dangerous for anyone who works on their computer in a public space
Microsoft's latest security update fixes a nasty remote code execution bug in Windows Wi-Fi driver
June's Patch Tuesday is mandatory for users travelling with their Windows PCs
Cracking the code: How researchers recovered millions from a decade-old, password-protected crypto wallet
A lost password proved to be a blessing in disguise
Finding the flaw: A cryptocurrency holder reached out to renowned hacker Joe Grand about two years ago for help in regaining access to an encrypted digital wallet on his computer reportedly containing about $2 million worth of Bitcoin. Grand turned down the offer. You see, Grand specializes in hardware skills and Michael stored his crypto in a software based wallet.
Security flaw in this TP-Link Archer router receives 10 out of 10 severity rating
Update TP-Link's Archer C5400X router now to fix remote takeover vulnerability
College students find exploit to run laundromat machines for free or add money to an account without paying
UC San Cruz students are NOT using this hack en masse... No really
Google issues yet another Chrome update to fix a high-severity, zero-day vulnerability
The world's leading web browser is also popular among cybercriminals
Negating all VPNs may have been possible since 2002
All operating systems except Android are vulnerable, and the only foolproof mitigation is Linux-only
WordPress plugin vulnerability poses severe security risk, allows for site takeovers
Millions of exploitation attempts were detected in under a month
Nearly all Chinese keyboard apps have encryption flaws, exposing millions of users to keylogging
iOS and Huawei apps found to be safe, but others could allow passive snooping
GPT-4 can exploit zero-day security vulnerabilities all by itself, a new study finds
A hot potato: GPT-4 stands as the newest multimodal large language model (LLM) crafted by OpenAI. This foundational model, currently accessible to customers as part of the paid ChatGPT Plus line, exhibits notable prowess in identifying security vulnerabilities without requiring external human assistance.
LG TV owners should update their firmware, webOS vulnerability found in a few models
Security bug could grant root access on TVs running webOS versions 4 through 7
New HTTP/2 vulnerability leaves servers in danger of devastating DoS attacks, even from a single TCP connection
Affected server administrators are urged to take immediate action