#securityflaw

Pure Tech

@puretech.news

1 month ago

I took apart the new AirTag 2 and found a serious flaw in Apple's popular tracker I disabled the new AirTag's speaker in two minutes with just one tool. Here's why that's a major problem.

I took apart the new AirTag 2 and found a serious flaw in Apple's popular tracker #Technology #Hardware #Other #AirTag2 #Apple #SecurityFlaw

www.zdnet.com/article/apple-airtag-2-p...

iT4iNT SERVER

@it4intserver.bsky.social

2 months ago

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It has been patched in version 2.5.2. The plugin

iT4iNT SERVER Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access VDS VPS Cloud #WordPress #SecurityFlaw #CyberSecurity #AdminAccess #Vulnerability

umut

@thelawnmoverman.bsky.social

5 months ago

In Turkey, over 8,000 premature births were forced in a private hospital. this is not medicine. this is a crime aganist humanity.

In Turkey, over 8,000 premature births were forced in a private hospital. this is not medicine. this is a crime aganist humanity.

#privacybreach #securityflaw #justice #undergroundcomix #glitchart #cyberpunk #neonnoir #vhs #mmmunderground #WritersBlockInc #Sinedrom #noir #indieart #zineculture #streetart #diy #grunge #aesthetic #design #art #coverup

Pure Tech

@puretech.news

5 months ago

Redis Warns of Critical Flaw Impacting Thousands of Instances An anonymous reader quotes a report from BleepingComputer: The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on...

Redis Warns of Critical Flaw Impacting Thousands of Instances #Technology #Cybersecurity #Redis #SecurityFlaw #CriticalVulnerability

Korea JoongAng Daily

@koreajoongangdaily.com

5 months ago

"Top tier" security? Not quite, says KCA about Chinese robot vacuums Even though they are marketed with slogans like “Top-tier security,” “Safe two-way communication” and “Trust the No. 1 in protection,” Chinese-made robot vacuums were found to have serious security…

Chinese-made robot vacuums marketed with slogans like “Top-tier security,” “Safe two-way communication” and “Trust the No. 1 in protection” have been found to contain serious security flaws, according to the Korea Consumer Agency. #robotvacuum #securityflaw

buff.ly/VBFmcR9

GetNews.me

@getnews-me.bsky.social

5 months ago

Neon Call‑Recording App Shuts Down After Security Flaw Exposes User Data

Neon, a call‑recording app, shut down after a security flaw let logged‑in users see others' phone numbers and recordings, reported by TechCrunch on September 25 2025. getnews.me/neon-call-recording-app-... #neon #securityflaw

Profit Trading USA

@profittradingusa.bsky.social

7 months ago

Security flaw found, fixed that could have left millions of Dell laptops vulnerable, researchers say By AJ Vicens (Reuters) -A flaw in the chips used to secure tens of millions of Dell (NYSE:DELL) laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco (NASDAQ:CSCO) Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom (NASDAQ:AVGO) BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. “Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,” Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. “These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,” Biasini said. “It’s becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues “quickly and transparently,” and directed customers to the June 13 advisory. “As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,” the spokesperson said. Broadcom declined to comment.

Click Subscribe #CyberSecurity #DellLaptops #Vulnerability #TechNews #SecurityFlaw

Rene Robichaud

@neroqc.bsky.social

7 months ago

Apple patches security flaw exploited in Chrome zero-day attacks Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

Apple patches security flaw exploited in Chrome zero-day attacks
www.bleepingcomputer.com/news/securit...

#Infosec #Security #Cybersecurity #CeptBiro #Apple #SecurityFlaw #Chrome #ZeroDayAttacks

@emergingtechnews.bsky.social

7 months ago

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyb...

#Google revealed that its #LLM-assisted vulnerability discovery framework #discovered a #SecurityFlaw in the #SQLite open-source database engine before it could have been exploited in the wild. thehackernews.com/2025/07/goog...

Aaj News

@aajnews.bsky.social

9 months ago

'ایکو لیک' نے سیکیورٹی ماہرین کو چونکا دیا،ہیکرز پالیسیز کو بائی پاس کرنے میں کامیاب ہو گئے
مزید پڑھیئے: www.aaj.tv/news/30465288
#AajNews #AISecurity #AIAgents #SecurityFlaw #cyberrisk

@xstreamfm.bsky.social

9 months ago

DoorDasher drives onto tarmac Chicago's O'Hare Airport, exposing security flaw Newly obtained video shows a DoorDash driver's attempt to deliver food to a customer at Chicago's O'Hare International Airport last month not only breached perimeter security but also failed to trigger an immediate response.

WHNT 19Alabama News Beacon #DoorDash #SecurityFlaw #Chicago

Winbuzzer

@winbuzzer.com

10 months ago

Windows Remote Desktop Protocol Allows Revoked Passwords; Microsoft Calls it a Feature - WinBuzzer Microsoft has confirmed that its Remote Desktop Protocol allows logins with revoked passwords due to local caching, calling it intentional design despite security backdoor concerns.

Windows Remote Desktop Protocol Allows Revoked Passwords; Microsoft Calls it a Feature

#Cybersecurity #Windows11 #RDP #Microsoft #SecurityFlaw #PasswordSecurity #InfoSec #CachedCredentials #WindowsSecurity #SysAdmin

winbuzzer.com/2025/05/01/w...

Hacker News Companion

@hncompanion.com

10 months ago

6/12 "The core problem is that older systems never proved distance..." - H8crilA. Older systems only proved connectivity, making them vulnerable to relay attacks. #securityflaw #relayattack #carhacking

Pure Tech

@puretech.news

10 months ago

A critical Erlang/OTP security flaw is Security researchers find a 10/10 flaw in Erlang/OTP SSHHorizon3 Attack Team says the flaw is

A critical Erlang/OTP security flaw is "surprisingly easy" to exploit, experts warn - so patch now #Technology #Cybersecurity #ErlangOTP #SecurityFlaw #PatchNow

CySecurity News

@cysecuritynews.bsky.social

11 months ago

WinRAR Bug Circumvents Windows Mark of Web Security Notifications.  A security flaw in the WinRAR file archiver solution might be used to circumvent the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows computer. The vulnerability is known as CVE-2025-31334 and impacts all WinRAR versions except the most recent release, 7.11.  Mark of the Web is a security mechanism in Windows that uses a metadata value (an additional data stream called 'zone-identifier') to identify potentially dangerous files downloaded from the internet. When you launch an executable with the MotW tag, Windows informs you that it was obtained from the internet and can be risky, and you can choose whether to continue or terminate it. Symlink to executable The CVE-2025-31334 flaw allows an attacker to circumvent the MotW security warning when opening a symbolic link (symlink) to an executable file in any WinRAR version prior to 7.11. Using a specially designed symbolic link, an attacker can execute arbitrary code. It should be noted that on Windows, symlinks can only be generated with administrator privileges.  The security flaw received a medium severity score of 6.8 and was fixed in the latest version of WinRAR, according to the applications change log: “If symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored” - WinRaR.  Shimamine Taihei of Mitsui Bussan Secure Directions reported the vulnerability to the Information Technology Promotion Agency (IPA) in Japan. The responsible disclosure was organised by Japan's Computer Security Incident Response Team with the developer of WinRAR. Starting with version 7.10, WinRAR allows you to remove information from the MotW alternative data stream (such as location and IP address) that could be deemed a privacy issue. Cybercriminals, including state-sponsored ones, have previously used MotW bypasses to transmit malware without triggering the security warning.  Recently, Russian attackers exploited a vulnerability in the 7-Zip archiver that did not propagate the MotW when double archiving (archiving one file within another) to launch the Smokeloader malware dropper.

WinRAR Bug Circumvents Windows Mark of Web Security Notifications. #MarkoftheWeb #Securityflaw #Symlink

The DefendOps Diaries

@defendopsdiaries.bsky.social

11 months ago

Understanding the 'inetpub' Folder: A Security Update Mystery | The DefendOps Diaries Explore the mystery of the 'inetpub' folder's appearance after a Windows security update and its security implications.

Noticed an unexpected 'inetpub' folder on your Windows PC? Microsoft’s latest update is creating it to tackle a serious security flaw. Curious how a routine update turned into a security mystery?

#inetpub
#windowsupdate
#securityflaw
#microsoft
#cve202521204

CyberTaters

@potato.software

11 months ago

WinRAR security flaw ignores Windows Mark of the Web security warnings #Technology #Potatosecurity #WinRAR #SecurityFlaw #MarkOfTheWeb

Pure Tech

@puretech.news

11 months ago

WinRAR security flaw ignores Windows Mark of the Web security warnings WinRAR users not running the latest version are subject to a security flaw that's capable of ignoring the Windows Mark of the Web security warnings.

WinRAR security flaw ignores Windows Mark of the Web security warnings #Technology #Cybersecurity #WinRAR #SecurityFlaw #MarkOfTheWeb

The Nimble Nerd - BREAKING NEWS

@nimblenerd.social

1 year ago

Cisco IOS XR Vulnerability: The BGP Bug That Crashed the Party! A Cisco IOS XR flaw allows unauthenticated attackers to crash the BGP process on routers with a well-aimed BGP update. If you ever wanted to take down a carrier-grade router with the precision of a pro bowler, now’s your chance—just keep your AS_CONFED_SEQUENCE under 254 or face a DoS strikeout.

Cisco IOS XR Vulnerability: The BGP Bug That Crashed the Party!

Cisco IOS XR flaw spells trouble for BGP processes. Learn how a crafty hacker could turn your router into a paperweight! #Cisco #IOSXR #BGP #SecurityFlaw
thenimblenerd.com?p=1039943

@william8000.bsky.social

1 year ago

Elon Musk’s DOGE website has been defaced because anyone can edit it Such security, much open.

Elon Musk’s DOGE website has been defaced because anyone can edit it www.theverge.com/news/612865/... #ButHerEmails #HerEmails #Insecure #InsecureDatabase #SecurityFlaw #DOGE #SensitiveFinancialData #PersonalInformation #PrivateServer #Cloudflare

The DefendOps Diaries

@defendopsdiaries.bsky.social

1 year ago

Google Fixes Flaw That Could Unmask YouTube Users' Email Addresses | The DefendOps Diaries Google patches a flaw exposing YouTube users' emails, highlighting critical privacy risks and the need for robust cybersecurity measures.

Google Fixes Flaw That Could Unmask YouTube Users' Email Addresses

thedefendopsdiaries.com/google-fixes...

#google
#youtube
#cybersecurity
#privacy
#api
#securityflaw
#emailprotection
#infosec
#dataprotection
#vulnerability

CyberMaterial

@cybermaterial.bsky.social

1 year ago

🚨 Researchers Expose Security Flaw in Abandoned AWS S3 Buckets

#CyberSecurity #InfoSec #AWS #DataProtection #Hacking #CloudSecurity #TechNews
#DigitalSecurity #SecurityFlaw #CyberAttack

Chris Barylick

@poingferret.bsky.social

1 year ago

Wiz Research locates, publishes information as to DeepSeek security flaw As nifty and attention-garnering as the Chinese AI chatbot DeepSeek may be, there may be some security concerns associated with it. A group known as Wiz Research has discovered an issue wherein more…

Wiz Research locates, publishes information as to DeepSeek security flaw

www.powerpage.org/wiz-research...

#Apple #AI #ChatpGPT #WizResearch #DeepSeek #hack #privacy #security #authentication #encryption #publish #securityflaw #flaw #bug #China

CySecurity News

@cysecuritynews.bsky.social

1 year ago

TPM-Equipped Devices Trigger Warnings Due to a Windows BitLocker Flaw  Microsoft is examining a flaw that activates security alerts on systems equipped with a Trusted Platform Module (TPM) processor after enabling BitLocker.  A Windows security feature called BitLocker encrypts storage discs to guard against data leakage or…

TPM-Equipped Devices Trigger Warnings Due to a Windows BitLocker Flaw #Bitlocker #Securityflaw #TPM

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 year ago

#SecurityFlaw #Microsoft #USA #CybersecurityNews New vulnerability CVE-2024-7344 in UEFI Secure Boot exposes systems to bootkit attacks, compromising Microsoft-signed applications. Patch is crucial to mi... www.hendryadrian.com/new-uefi-secure-boot-fla...

ReconBee

@reconbee.bsky.social

1 year ago

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers system firmware to "brick" the device read more about Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers reconbee.com/researchers-...

#researchers #securityflaw #Illumina #iseq #DNA #CybersecurityNews #cybersecurity

Winbuzzer

@winbuzzer.com

1 year ago

Critical Microsoft MFA Loophole Exposed Millions of User Accounts - WinBuzzer A flaw in Microsoft Azure multi-factor authentication allowed attackers to brute-force accounts, exposing data in Teams, OneDrive, and more.

A flaw in Microsoft Azure multi-factor authentication allowed attackers to brute-force accounts, exposing data in Teams, OneDrive, and more. #Microsoft #Cybersecurity #MFA #Authentication #Microsoft365 #Azure #Infosec #CloudSecurity #SecurityFlaw #Passwordless #CyberThreats

cyb3rint3l

@cyb3rint3l.bsky.social

1 year ago

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise Critical flaws in Palo Alto GlobalProtect and SonicWall NetExtender VPNs enable remote code execution. Patch now!

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

#paloalto #sonicwall #vpn #securityflaw #remotecodexecution

thehackernews.com/2024/12/nach... via @thehackernews.bsky.social

CyberTaters

@potato.software

1 year ago

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
themashernews.com/2024/10/word...
#Infosec #Security #Potatosecurity #CeptBiro #WordPress #LiteSpeedCachePlugin #SecurityFlaw #XSSAttacks

Rene Robichaud

@neroqc.bsky.social

1 year ago

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks LiteSpeed Cache plugin vulnerability (CVE-2024-47374) exposes WordPress sites to XSS attacks. Update to version 6.5.1 now.

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
thehackernews.com/2024/10/word...
#Infosec #Security #Cybersecurity #CeptBiro #WordPress #LiteSpeedCachePlugin #SecurityFlaw #XSSAttacks