Security News

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
2025-01-27 14:17

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access...

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
2025-01-23 14:55

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the...

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
2025-01-23 12:57

Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered,...

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
2025-01-23 05:00

The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian Hildebrand, offers extensive...

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
2025-01-16 11:23

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability,...

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
2025-01-16 10:00

ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application...

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
2025-01-14 16:53

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's...

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
2025-01-14 16:38

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data....

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
2025-01-13 13:33

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency...

Zero-Day Vulnerability in Ivanti VPN
2025-01-09 17:16

It’s being actively exploited.