Negating all VPNs may have been possible since 2002
All operating systems except Android are vulnerable, and the only foolproof mitigation is Linux-only
Vulnerability articles
WordPress plugin vulnerability poses severe security risk, allows for site takeovers
Millions of exploitation attempts were detected in under a month
Nearly all Chinese keyboard apps have encryption flaws, exposing millions of users to keylogging
iOS and Huawei apps found to be safe, but others could allow passive snooping
GPT-4 can exploit zero-day security vulnerabilities all by itself, a new study finds
A hot potato: GPT-4 stands as the newest multimodal large language model (LLM) crafted by OpenAI. This foundational model, currently accessible to customers as part of the paid ChatGPT Plus line, exhibits notable prowess in identifying security vulnerabilities without requiring external human assistance.
LG TV owners should update their firmware, webOS vulnerability found in a few models
Security bug could grant root access on TVs running webOS versions 4 through 7
New HTTP/2 vulnerability leaves servers in danger of devastating DoS attacks, even from a single TCP connection
Affected server administrators are urged to take immediate action
Unpatchable Apple Silicon vulnerability could leak encryption keys
In brief: Hardware-based security flaws have become more frequent over the last several years but have mostly affected Intel and AMD processors. Now, Apple joins those ranks with a recently discovered vulnerability that causes Mac M-series CPUs to expose encryption keys. Since it is hardware-based, there is little users can do besides keeping macOS updated.
Ethical hackers show how to open millions of hotel keycard locks
Any NFC-enabled Android phone could forge a master key for every room in a hotel
In a nutshell: Over three million hotel room locks in 13,000 buildings in 131 countries are vulnerable to an exploit that lets attackers forge master keys for any door. Although the manufacturer of the affected locks is rolling out a fix, it's unclear when or if every impacted hotel will upgrade its systems.
Some QNAP NAS devices affected by a critical vulnerability, updates available right now
The company is once again scrambling to improve security of its network OSes
Google awarded $10 million in bug bounties last year, the second highest in the program's history
The largest single payout was $113,337
VMware forced to patch dangerous vulnerabilities in discontinued products
Flaws so severe, the company felt the need to update the now-abandoned ESXi hypervisor
AMD Ryzen CPUs are impacted by all of these serious vulnerabilities
A hot potato: All users with AMD Ryzen processors from the last few years should check and update their motherboard firmware ASAP, especially if they haven't done so since before 2023. AMD has published a detailed chart describing four severe security issues affecting server, desktop, workstation, HEDT, mobile, and embedded Zen CPUs. Recent BIOS updates have addressed most, but not all of the flaws.
Your favorite password manager could be exposing your credentials
AutoSpill is a security nightmare that affects even up-to-date Android devices
Use Rust or C#, abandon C++: Five Eyes agencies warn about memory safety in programming languages
Software developers need to step up their secure-by-design game, and fast
Google fixes critical Android flaw that could be exploited to hack your phone remotely
A total of 85 security vulnerabilities were patched in the December 2023 Android security bulletin
PSA: You should update your iPhone, iPad, or Mac now
Actively exploited WebKit zero days addressed for most Apple devices
Zyxel warns about new critical vulnerabilities found in its NAS devices
The Taiwanese company is in crisis mode once more because of some nasty security flaws
Intel knew about the Downfall CPU vulnerability but did nothing for five years, a new class action claims
PC buyers suffered degraded performance and want their money back
If you haven't updated WinRAR in the past few weeks, do so now
Versions older than 6.23 have a flaw that state-backed actors are exploiting
TP-Link Tapo smart bulb vulnerabilities could expose Wi-Fi passwords to attackers
Fixes will be released "in due course"
Ford owners using Sync 3 infotainment should turn off Wi-Fi
Wi-Fi driver vulnerability allows remote code execution
Microsoft finds critical vulnerabilities in equipment that could be used to shut down power plants
As if Zenbleed and Downfall security vulnerabilities weren't enough
Intel's Downfall mitigations take a significant toll on CPU performance, early testing reveals
To mitigate, or not to mitigate
Researchers suspect a neglected Exchange Server zero-day likely caused one of the UK's worst hacks
Microsoft is accused of dragging its feet, causing the personal information of 40 million voters to be exposed
'Inception' vulnerability could leak sensitive data on AMD Ryzen systems
The vulnerability could allow attackers to access sensitive information on affected PCs