Security News
On Wednesday, the KDE team warned Linux users to exercise "Extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. As KDE said, it currently lacks the resources to review the code used by each global theme submitted for inclusion in its official store.
Researchers disclosed vulnerabilities today that impact 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide, allowing the researchers to easily unlock any door in a hotel by forging a pair of keycards. As first reported by Wired, the researchers were invited to a private hacking event in Las Vegas, where they competed with other teams to find vulnerabilities in a hotel room and all the devices within it.
The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The...
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. The threat actors inject the malware into custom HTML widgets and legitimate plugins on WordPress sites to inject the malicious Sign1 scripts rather than modifying the actual WordPress files.
The Rhysida ransomware group claims it was responsible for the cyberattack at US luxury yacht dealer MarineMax earlier this month. Rhysida this week posted a snippet of the data it claims to have stolen from MarineMax to its website, but the montages of documents don't clearly or conclusively reveal their nature.
Security researchers have released a proof-of-concept exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server software, which is now actively exploited in attacks.On Thursday, one week after Fortinet released security updates to address the security flaw, security researchers with Horizon3's Attack Team published a technical analysis and shared a proof-of-concept exploit that helps confirm if a system is vulnerable without providing remote code execution capabilities.
New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest...
Here's a lowdown on some recent ransomware attacks, lessons worth learning from them, and tips to help limit ransomware risk. Ransomware attacks have knock-on financial impacts when companies need to swiftly shut down systems that might form the backbone of their normal operations.
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important...
Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. The known issue impacts all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates.