Security News

The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it. DMPs are present on all Apple M-series CPUs and Intel's Raptor Lake processors, and the dedicated website for GoFetch now shows how exactly the exploit is carried out.

Around 3 million doors protected by popular keycard locks are thought to be vulnerable to security flaws that allow miscreants to quickly slip into locked rooms. Security researchers developed an exploit that applies to various Saflok keycard locks made by Swiss security company dormakaba, ones that are prevalent in hotels around the world, as well as properties of multiple occupancy.

Security researchers have released a proof-of-concept exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server software, which is now actively exploited in attacks.On Thursday, one week after Fortinet released security updates to address the security flaw, security researchers with Horizon3's Attack Team published a technical analysis and shared a proof-of-concept exploit that helps confirm if a system is vulnerable without providing remote code execution capabilities.

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest...

Proof-of-concept exploit code for a critical RCE vulnerability in Fortra FileCatalyst MFT solution has been published.Fortra FileCatalyst is an enterprise managed file transfer software solution that includes several components: FileCatalyst Direct, Workflow, and Central.

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. On January 28, 2024, aiohttp released version 3.9.2, addressing CVE-2024-23334, a high-severity path traversal flaw impacting all versions of aiohttp from 3.9.1 and older that allows unauthenticated remote attackers to access files on vulnerable servers.

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. The flaw tracked as CVE-2024-21412 is a Windows Defender SmartScreen flaw that allows specially crafted downloaded files to bypass these security warnings.

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected...

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and...

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing...