Security News

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
2024-05-16 16:02

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and...

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
2024-05-16 11:14

New versions of Git are out, with fixes for five vulnerabilities, the most critical of which can be used by attackers to remotely execute code during a "Clone" operation.CVE-2024-32002 is a critical vulnerability that allows specially crafted Git repositories with submodules to trick Git into writing files into a.git/ directory instead of the submodule's worktree.

Is an open-source AI vulnerability next?
2024-05-16 05:30

Let's explore why open-source AI security is lacking and what security professionals can do to improve it. First, it's essential to acknowledge that AI is not something different from software; it is software.

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
2024-05-16 03:01

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947,...

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
2024-05-14 13:51

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked...

Another Chrome Vulnerability
2024-05-14 11:01

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In...

How AI affects vulnerability management in open-source software
2024-05-13 04:00

In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the coupling between security patches and other code changes.

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
2024-05-10 10:23

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability...

When is One Vulnerability Scanner Not Enough?
2024-05-02 10:25

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware...

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
2024-05-02 06:15

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in...