Security News

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
2024-11-04 10:04

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime)....

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
2024-10-08 16:26

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These...

Automattic blocks WP Engine’s access to WordPress resources
2024-09-26 13:51

WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. [...]

WordPress.org denies service to WP Engine, potentially putting sites at risk
2024-09-26 01:45

That escalated quickly WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter's servers from accessing WordPress.org resources – and therefore...

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
2024-07-25 05:47

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins under specific circumstances. "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly," the Moby Project maintainers said in an advisory.

Jet engine dealer to major airlines discloses 'unauthorized activity'
2024-02-12 17:15

Willis Lease Finance Corporation admitted that some internal processes have required workarounds to be developed so that it can continue to operate and service customers, without providing any specifics about what those workarounds entail.As is often the case with early-stage ransomware disclosures, the company appears to be reluctant to mention "Ransomware" or even "Attack" in its wording.