File upload logic in GitHub's comments allows hackers to host malware on the service and abuse trusted developers and companies, such as Microsoft, to create legitimate-looking URLs.
Flaw RSS
Google's Project Zero security team has publicly disclosed multiple flaws in certain Linux kernels and distros following Red Hat's inability to fix them within the 90-day deadline assigned by Google.
_medium.jpg)
Google has revealed an expansion to its Vulnerability Reward Program (VRP). It is designed to encourage privately reporting security flaws in open source software in exchange for monetary rewards.
_medium.jpg)
Microsoft's latest Patch Tuesday updates - released yesterday - fix a lot of recently publicized security issues like Follina, however, DogWalk remains unpatched as Microsoft continues to downplay it.
Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP.
A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is no longer recommending the installation of May Patch Tuesday updates on Domain Controllers because of authentication issues.
Microsoft has published details about a security vulnerability dubbed "AutoWarp" in Azure Automation service. It could enable attackers to get access to resources of other Azure customers.
Google's Project Zero team has shared some interesting stats regarding its findings for the past couple of years today. Interestingly, it found the most security issues in Microsoft products.
Tesla has recalled nearly half a million Model 3 and Model S units for exhibiting engineering flaws related to the rearview camera and the front trunk, which can result in accidents in the worst case.
Microsoft has revealed more details about a macOS vulnerability that it discovered and reported to Apple. A patch is now out for OS-level flaw "Shrootless" on macOS Monterey, Catalina, and Big Sur.
A security team has issued an advisory about an apparent design flaw which allows single-factor brute-force attack on Azure Active Directory. However, Microsoft says that this is by design.
Microsoft has recently revealed that a KB update in August's Patch Tuesday effectively breaks printing for some organizations by repeatedly requiring admin credentials when printing.
Microsoft has patched a security flaw in the Azure Container Instances services that allowed data to leak across customers using the same clusters. Potentially affected customers have been notified.
A major flaw in Azure Cosmos DB has exposed customer data and given admin access to it for the past couple of years. Microsoft has now patched the issue and asked customers to rotate their keys.
Google Project Zero has disclosed yet another Windows vulnerability that can lead to elevation of privilege. Microsoft had initially stated that it would not resolve it, but is now working on a fix.
"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass.
Microsoft has released a new set of security updates for numerous Exchange Server versions following the discovery of certain security flaws. Exchange Online once again contains protections already.
Following multiple delays from Microsoft, Google's Project Zero security team has disclosed yet another high severity security flaw in Windows. If exploited, it can cause elevation of privilege.
Following a botched fix by Qualcomm which caused a new kernel privilege escalation bug, Google Project Zero has publicly disclosed details of a high severity security flaw in the Adreno GPU driver.
The "high" severity security flaw in GitHub publicly disclosed by Google's Project Zero team earlier this month has finally been patched. The security team has validated the fix and closed it.
Google's Project Zero team has disclosed a "high" severity security flaw in GitHub following the latter's inability to provide a fix in the 104 days - which includes a grace period - allotted to it.
A new report has emerged claiming that Microsoft fixed a significant security vulnerability in various versions of Windows, even though a Google-owned service disclosed it to Microsoft in 2018.
Google's Project Zero team has publicly revealed yet another security flaw in Windows which allows elevation of privilege, claiming that Microsoft's fix is incomplete and does not resolve the issue.
Google's Project Zero members have disclosed five security flaws in iOS, four of which have been fixed by Apple in iOS 12.4. However, one of these still hasn't fully been patched yet.
Google's Project Zero has exposed a "high severity" flaw in macOS' kernel XNU - which apparently has issues in its implementation of copy-on-write behavior - after Apple failed to fix it in 90 days.
Apple has issued an apology for the FaceTime bug which allowed you to eavesdrop on others during group calls. An update to squash the bug will be rolled out to the public next week.
New variants of Spectre have been discovered by Microsoft and Google, which allow attackers to read privileged data. While mitigations will be available soon, they will result in a performance hit.
Researchers today warned that a critical flaw in OpenPGP and S/MIME encryption tools could leave your electronic communications at risk, allowing attackers to read encrypted emails in plaintext form.
Despite Microsoft's repeated requests for an extension to the standard 90-day disclosure deadline, Google has gone on to reveal a "medium" severity flaw in systems with UMCI, such as Windows 10 S.
It appears that Control Flow Guard (CFG) in Windows 8.1 and 10 can be bypassed, effectively putting 500 million computers at risk. Microsoft is investigating the issue and should have a fix soon.
Two independent Israeli researchers have found a loophole with Microsoft's digital assistant- Cortana. The assistant can be used by anyone with malicious intent to bypass a locked PC.
After Microsoft's failure to fix a flaw in its Edge browser in the allotted time, Google has publicly disclosed the bug - which allows bypassing Edge's ACG and creating an executable page in memory.
A bug in the Windows 10 Anti-Malware Scan Interface causes the security apparatus to truncate its scans when encountering a null character. The bug was fixed in this month's Patch Tuesday.
A newly discovered Skype bug that can allow an attacker to gain system-level privileges will be left unfixed for now, as Microsoft chooses to instead concentrate on creating a new client altogether.
In its quarterly earnings call for investors, the company vowed that it was working to fix the flaws in its chips, and vowed that its processors due out later this year will be vulnerability-free.
Security researchers are always trying to find ways to break devices or get into their code. If a problem is found, they alert the manufacturer to it can be fixed quietly. Others can be more vocal.
A new flaw discovered in the remote access monitoring AMT technology found in Intel processors can be used to take complete control over a laptop and circumvent all security measures.
The chipmaker is now recommending some of its bigger customers delay the installation of its latest patches aimed at Meltdown and Spectre after reports of unsolicited reboots on some processors.
Following the discovery of three critical flaws in a range of processors, OEMs and OS manufacturers have issued various patches. Microsoft has detailed what performance impact its patches have.
