Security News

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
2024-05-28 05:11

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted...

CISA Warns of Actively Exploited Apache Flink Security Vulnerability
2024-05-23 16:44

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing...

HHS pledges $50M for autonomous vulnerability management solution for hospitals
2024-05-23 07:14

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health has announced the Universal PatchinG and Remediation for Autonomous DEfense program aimed at developing a vulnerability management platform for healthcare IT teams. CVE-2023-43208, an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare's Mirth Connect data integration platform, has been patched by the company and publicly disclosed by Horizon3.

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit
2024-05-21 06:43

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS),...

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
2024-05-16 16:02

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and...

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
2024-05-16 11:14

New versions of Git are out, with fixes for five vulnerabilities, the most critical of which can be used by attackers to remotely execute code during a "Clone" operation.CVE-2024-32002 is a critical vulnerability that allows specially crafted Git repositories with submodules to trick Git into writing files into a.git/ directory instead of the submodule's worktree.

Is an open-source AI vulnerability next?
2024-05-16 05:30

Let's explore why open-source AI security is lacking and what security professionals can do to improve it. First, it's essential to acknowledge that AI is not something different from software; it is software.

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
2024-05-16 03:01

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947,...

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
2024-05-14 13:51

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked...

Another Chrome Vulnerability
2024-05-14 11:01

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In...