Getty Images reader comments 9 Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday. The vulnerability, present in both Windows 10 and 11, causes devices to open Internet Explorer, a legacy browser that Microsoft decommissioned… Read More »
reader comments 23 Researchers have warned of a critical vulnerability affecting the OpenSSH networking utility that can be exploited to give attackers complete control of Linux and Unix servers with no authentication required. The vulnerability, tracked as CVE-2024-6387, allows unauthenticated remote code execution with root system rights on Linux systems that are based on glibc,… Read More »
reader comments 35 A critical vulnerability recently discovered in a widely used piece of software is putting huge swaths of the Internet at risk of devastating hacks, and attackers have already begun actively trying to exploit it in real-world attacks, researchers warn. The software, known as MOVEit and sold by Progress Software, allows enterprises to… Read More »
Getty Images reader comments 48 Hardware manufacturer Asus has released updates patching multiple critical vulnerabilities that allow hackers to remotely take control of a range of router models with no authentication or interaction required of end users. The most critical vulnerability, tracked as CVE-2024-3080 is an authentication bypass flaw that can allow remote attackers to… Read More »
reader comments 21 Hackers working for the Chinese government gained access to more than 20,000 VPN appliances sold by Fortinet using a critical vulnerability that the company failed to disclose for two weeks after fixing it, Netherlands government officials said. The vulnerability, tracked as CVE-2022-42475, is a heap-based buffer overflow that allows hackers to remotely… Read More »
reader comments 15 A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take action before the weekend starts. Within 24 hours of the vulnerability and accompanying patch being published, researchers from the nonprofit security organization Shadowserver… Read More »
Getty Images reader comments 15 Researchers on Wednesday reported critical vulnerabilities in a widely used networking appliance that leaves some of the world’s biggest networks open to intrusion. The vulnerabilities reside in BIG-IP Next Central Manager, a component in the latest generation of the BIG-IP line of appliances, which organizations use to manage traffic going… Read More »
reader comments 29 A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January. A change GitLab implemented in May 2023 made it possible for… Read More »
Getty Images reader comments 16 Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022—at least two years after it came under attack by the Russian… Read More »
reader comments 14 Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges,… Read More »