Tag Archives: exploits

Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls

Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity rating of 9.8 out of a possible 10. “At this stage if you have a vulnerable device exposed, assume compromise,” officials from Shadowserver,…

Exploit released for 9.8-severity PaperCut flaw already under attack

Exploit code for a critical printer software vulnerability became publicly available on Monday in a release that may exacerbate the threat of malware attacks that have already been underway for the past five days. The vulnerability resides in print management software known as PaperCut, which the…

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor…

Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity

Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers, security researchers have warned. The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high…

Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years

Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned. Exploit activities by one group likely began in August 2021 and last August by the other,…

Valve waited 15 months to patch high-severity flaw. A hacker pounced

Researchers have unearthed four game modes that could successfully exploit a critical vulnerability that remained unpatched in the popular Dota 2 video game for 15 months after a fix had become available. The vulnerability, tracked as CVE-2021-38003, resided in the open source JavaScript engine from…

Vulnerability with 9.8 severity in Control Web Panel is under active exploit

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. “This is an unauthenticated RCE,” members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit.…

Hundreds of SugarCRM servers infected with critical in-the-wild exploit

For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect users with malware that gives them full control of their servers. The vulnerability began as a zero-day when the exploit code was posted online…

Patches for 6 zero-days under active exploit are now available from Microsoft

It’s the second Tuesday of the month, and that means it’s Update Tuesday, the monthly release of security patches available for nearly all software Microsoft supports. This time around, the software maker has fixed six zero-days under active exploit in the wild, along with a…

Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack

On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a “prompt injection…