Vulnerability articles
Ethical hackers show how to open millions of hotel keycard locks
Any NFC-enabled Android phone could forge a master key for every room in a hotel
In a nutshell: Over three million hotel room locks in 13,000 buildings in 131 countries are vulnerable to an exploit that lets attackers forge master keys for any door. Although the manufacturer of the affected locks is rolling out a fix, it's unclear when or if every impacted hotel will upgrade its systems.
Some QNAP NAS devices affected by a critical vulnerability, updates available right now
The company is once again scrambling to improve security of its network OSes
Google awarded $10 million in bug bounties last year, the second highest in the program's history
The largest single payout was $113,337
VMware forced to patch dangerous vulnerabilities in discontinued products
Flaws so severe, the company felt the need to update the now-abandoned ESXi hypervisor
AMD Ryzen CPUs are impacted by all of these serious vulnerabilities
A hot potato: All users with AMD Ryzen processors from the last few years should check and update their motherboard firmware ASAP, especially if they haven't done so since before 2023. AMD has published a detailed chart describing four severe security issues affecting server, desktop, workstation, HEDT, mobile, and embedded Zen CPUs. Recent BIOS updates have addressed most, but not all of the flaws.
Your favorite password manager could be exposing your credentials
AutoSpill is a security nightmare that affects even up-to-date Android devices
Use Rust or C#, abandon C++: Five Eyes agencies warn about memory safety in programming languages
Software developers need to step up their secure-by-design game, and fast
Google fixes critical Android flaw that could be exploited to hack your phone remotely
A total of 85 security vulnerabilities were patched in the December 2023 Android security bulletin
PSA: You should update your iPhone, iPad, or Mac now
Actively exploited WebKit zero days addressed for most Apple devices
Zyxel warns about new critical vulnerabilities found in its NAS devices
The Taiwanese company is in crisis mode once more because of some nasty security flaws
Intel knew about the Downfall CPU vulnerability but did nothing for five years, a new class action claims
PC buyers suffered degraded performance and want their money back
If you haven't updated WinRAR in the past few weeks, do so now
Versions older than 6.23 have a flaw that state-backed actors are exploiting
TP-Link Tapo smart bulb vulnerabilities could expose Wi-Fi passwords to attackers
Fixes will be released "in due course"
Ford owners using Sync 3 infotainment should turn off Wi-Fi
Wi-Fi driver vulnerability allows remote code execution
Microsoft finds critical vulnerabilities in equipment that could be used to shut down power plants
As if Zenbleed and Downfall security vulnerabilities weren't enough
Intel's Downfall mitigations take a significant toll on CPU performance, early testing reveals
To mitigate, or not to mitigate
Researchers suspect a neglected Exchange Server zero-day likely caused one of the UK's worst hacks
Microsoft is accused of dragging its feet, causing the personal information of 40 million voters to be exposed
'Inception' vulnerability could leak sensitive data on AMD Ryzen systems
The vulnerability could allow attackers to access sensitive information on affected PCs
New "Downfall" vulnerability can steal passwords and encryption keys, discovered in Intel CPUs from 2015 to 2019
Your sensitive data could be at risk
Researchers jailbreak Tesla using unpatchable AMD hardware flaw for free feature upgrades
TU Berlin researchers' voltage fault attack strikes again
Five Eyes intelligence agencies discloses the 12 top-exploited vulnerabilities of 2022
Cybercriminals are mostly interested in (ab)using older security flaws for their attacks
Microsoft criticized for security practices, the Azure platform is "worse than you think"
Redmond behaves in a "grossly irresponsible" way when dealing with dangerous vulnerabilities
Researchers demo decades-old backdoors in encrypted radio systems used by police
Vendors have known of these vulnerabilities since the 90s but never said a word
"Zenbleed" vulnerability puts AMD Ryzen users at risk of data theft
Zen 2 users could have their passwords and encryption keys stolen