Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes.
Google Project Zero reported 58 exploited zero-day vulnerabilities in 2021, a record in the short time...
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.
A high-severity security vulnerability in Argo CD can enable...
Where the Latest Log4Shell Attacks Are Coming From
Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
Cybersecurity professionals across the world have been scrambling to shore up their systems against a critical remote code-execution (RCE)...
‘Trojan Source’ Hides Invisible Bugs in Source Code
The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.
Researchers have found a new way...
Tesla Hacked and Stolen Again Using Key Fob
Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.
Researchers have demonstrated for the third time how...
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Apple is urging...
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit.
CISA is putting the thumbscrews...
Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover
Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.
Two vulnerabilities (one critical) in a...
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.
Cybercriminals can exploit Microsoft Remote Desktop Protocol...
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras remain unpatched against a critical, 11-month-old CVE, leaving thousands of organizations exposed.
New research indicates that over 80,000 Hikvision surveillance cameras in the world...