Security News

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
2024-06-24 13:52

Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote...

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
2024-06-21 08:54

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995...

Phoenix UEFI vulnerability impacts hundreds of Intel PC models
2024-06-20 21:31

A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. Due to the large number of Intel CPUs using this firmware, the vulnerability has the potential to impact hundreds of models from Lenovo, Dell, Acer, and HP. UEFI firmware is considered more secure as it includes Secure Boot, which is supported by all modern operating systems, including Windows, macOS, and Linux.

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
2024-06-20 14:22

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors....

VMware fixes critical vCenter RCE vulnerability, patch now
2024-06-18 18:08

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. VMware vCenter Server is a central management platform for VMware vSphere, enabling the management of virtual machines and ESXi hosts.

Apple Operating Systems are Being Targeted by Threat Actors, Plus 4 More Vulnerability Trends
2024-06-18 10:00

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, according to a new report. The Software Vulnerability Ratings Report 2024 from patch management software company Action1 also found that Microsoft Office programs are becoming more exploitable, while attackers are targeting load balancers like NGINX and Citrix at a record rate.

Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised
2024-06-16 08:00

Users of JetBrains IDEs at risk of GitHub access token compromiseJetBrains has fixed a critical vulnerability that could expose users of its integrated development environments to GitHub access token compromise. AWS unveils new and improved security featuresAt its annual re:Inforce conference, Amazon Web Services has announced new and enhanced security features and tools.

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
2024-06-12 04:26

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is...

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
2024-06-11 06:37

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the...

Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers
2024-06-10 11:20

Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain...