Apple doubles its top bug bounty to $2 million – payouts can now exceed $5 million
But Apple says only a rare few earn the top rewards
Vulnerability articles
Unity patches 8-year-old security flaw affecting thousands of games
Games have to be "rebuilt" on the patched engine rather than just pushing a fix out to end users
Trusted enclaves from Intel and AMD shown vulnerable to physical attacks
Academic teams bypass chip-level enclave protections with low-cost hardware
Supermicro servers hit by critical vulnerabilities that allow undetectable malware attacks
Supermicro is already testing a fix
New Faceplant attack exposes serious flaw in Windows Hello at Black Hat
Biometric data injection attack lets hackers instantly unlock victim accounts
Copeland refrigeration controllers hit by critical flaws threatening supermarkets and cold storage
Researchers warn flaws could disrupt global food supply chain
Claude for Chrome arrives despite 11% prompt injection success rate
Pilot program only exposes 1,000 premium users to security risk
Microsoft ends support for Office 2016 and 2019, leaving third-party patches as the only option
Don't throw your old Office installations away just yet, says 0patch
Dell patches critical "ReVault" vulnerabilities affecting millions of business PCs
A collection of five hardware-based vulnerabilities
ChatGPT vulnerability allows hidden prompts to steal Google Drive cloud data
A single "poisonous" document can cause massive damage
Nvidia workstation GPUs fall to first-ever GDDR6 Rowhammer bit-flip attack
Rowhammer jumps from CPU to GPU memory
Meet the 17-year-old who helped change Microsoft's bug bounty program
High school student helps strengthen Microsoft's digital defenses
Editor's take: At an age when most teenagers are just beginning to explore the possibilities of technology, one high school junior has already made a name for himself in the world of cybersecurity. Dylan, now 17, first caught the attention of Microsoft's Security Response Center at just 13, when he reported a critical vulnerability in Microsoft Teams. The discovery ultimately reshaped the company's bug bounty program and set Dylan on a unique professional path.
Critical flaw in AMI's MegaRAC firmware puts thousands of servers at risk
The bug is already being exploited by unknown state-sponsored hackers
Brother printer hack puts thousands of users at risk of remote takeover
Hackers can regenerate default administrator passwords after learning a device's serial number
Two exploits are threatening Secure Boot, but Microsoft is only patching one of them
The security standard keeps on failing, spectacularly
Intel releases patches to fix security vulnerabilities in its CPUs, GPUs, and gaming software
Severity levels of the now-fixed issues were rated between medium and high
European Union public vulnerability database enters beta phase
Europe has a backup plan in case the CVE system tanks
Google research exposes ongoing global risk from zero-day vulnerabilities
Traditional targets are becoming more secure, while government-backed hackers are feasting
Researchers find numerous Apple AirPlay vulnerabilities allowing "wormable" exploits over Wi-Fi
Apple already issued patches, so be sure to update your systems immediately
In brief: Security researchers have uncovered a wide-ranging set of vulnerabilities in Apple's AirPlay protocol that could allow attackers to hijack Apple and third-party devices remotely without user interaction. The exploit chain, dubbed "AirBorne," includes 23 individual bugs – 17 with official CVEs – and enables zero-click remote code execution on vulnerable systems.
The US almost let the CVE system die - the cybersecurity world's universal bug tracker
A last-minute funding extension saved the system–but only for 11 months
New approach from DeepMind partitions LLMs to mitigate prompt injection
Secure interpreter tracks data flow to block unsafe actions triggered by manipulated text
Microsoft's latest Windows security update creates an empty folder you should not delete
It's unclear how an empty folder helps prevent security flaws
AMD confirms Zen 5 silicon is also vulnerable to "EntrySign" BIOS microcode bug
A delay in acknowledgment, but at least the fix is out
Oracle buried serious data breach from customers, now hacker has it up for sale
Company remains quiet since denying the attack, even after researchers conclude the breach is real