Security News
Israel’s brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts...
CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. [...]
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute...
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief...
A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmond’s monthly patch batch.
The internet-facing assets were found to be susceptible to potential exploitation in a sample of 90 banking and financial services organisations.
The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up...
Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to...
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft apps for macOS. The flaws - CVE-2024-41138, CVE-2024-41145, CVE-2024-41159, CVE-2024-42004, CVE-2024-41165, CVE-2024-43106, CVE-2024-39804 and CVE-2024-42220 - have been found in Microsoft Teams, OneNote, Outlook, Word, Excel and Powerpoint for macOS. They allow attackers to inject specially crafted libraries so they can assume the vulnerable apps' entitlements and the permissions they've been granted by users.
Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data. The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the service, Tenable said in a new report shared with The Hacker News.