Security News

Updates released on Tuesday for the Git version control system patch two security flaws, including a serious vulnerability that can be exploited for remote code execution using specially crafted...

Schneider Electric on Tuesday issued fixes for a vulnerability its SoMachine Basic software that could result in disclosure and retrieval of arbitrary data.

Fortunately, existing fixes should provide the protection we need.

Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German...

Dell Patches Local Privilege Escalation in SupportAssist Dell recently addressed a local privilege escalation (LPE) vulnerability in SupportAssist, a tool pre-installed on most of all new Dell...

A flaw related to a NetworkManager integration script is trivially easy for attackers to leverage.

Researchers have discovered a serious cross-site scripting (XSS) vulnerability affecting all desktop versions of Edward Snowden’s favourite security application, Signal.

Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year, according to Risk Based Security’s 2018 Q1 Vulnerability...

The EFAIL bug shows how to trick some mail clients into turning the email encryption tools S/MIME and OpenPGP against themselves.

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can...