New Security Flaws Uncovered in SSH Protocol
A team of researchers from Ruhr University Bochum in Germany have uncovered new security vulnerabilities in the Secure Shell (SSH) protocol that coul…
Vulnerability
Barracuda Patches Actively Exploited Flaw Used by Chinese APT
Barracuda has disclosed a critical vulnerability in its Email Security Gateway (ESG) appliances that has been actively exploited by a Chinese state-s…
New 'Mayhem' Attack Bypasses Security in OpenSSH, OpenSSL and MySQL via Fault Injection
A new paper titled " Mayhem: Targeted Corruption of Register and Stack Variables " reveals a critical security vulnerability that could all…
Critical OpenSSH Flaw Could Allow Remote Code Execution
A high-severity vulnerability has been discovered in OpenSSH that could potentially be exploited by an attacker to execute arbitrary commands on a ta…
CacheWarp - New Vulnerability Breaks Integrity of AMD SEV
Researchers from CISPA Helmholtz Center for Information Security have discovered a new software-based fault attack named CacheWarp that breaks the in…
'Reptar' - New Intel CPU Vulnerability Discovered by Google
A Google security researcher has uncovered a new CPU vulnerability impacting Intel desktop, mobile, and server CPUs. The vulnerability dubbed ' …
AMD Warns of High-Risk Vulnerability in Graphics Drivers
The processor manufacturer AMD has disclosed a high-risk security vulnerability affecting certain graphics drivers for Radeon graphics chips. The vu…
Signal Denies Rumors of Zero-day Vulnerability Bug
Yesterday, rumors circulated about a discovered zero-day exploit in the popular encrypted messaging app Signal that allegedly gives full access to a …
Curl Fix Heap Buffer Overflow Vulnerability Could Lead to Remote Code Execution
The Curl team has finally disclosed a high-severity vulnerability (CVE-2023-38545) that could allow remote code execution in applications using affec…
Is Curl Vulnerability leaked Before Schedule Time?
Last week, the developer of Curl announced a forthcoming version of Curl version 8.4.0 to be scheduled for release with the patch of two security vul…
HTTP/2 'Rapid Reset' Attack Flaw Allows DDoS at Record-Breaking Scale
Cloudflare, Google, and Amazon AWS have publicly disclosed a serious vulnerability in the HTTP/2 web protocol that has been used to conduct record-br…
Critical Vulnerability Disclosed in libcue Library Used by GNOME Desktop
A critical security vulnerability has been disclosed in the open source libcue library, which could enable remote code execution on Linux systems run…
Looney Tunables Flaw in Linux Allows Root Access
Security researchers at Qualys have disclosed a high-severity vulnerability in the GNU C Library (glibc) that could allow local attackers to gain roo…
Six 0day Vulnerabilities Discovered in Exim Mail Server - Update Now!
There was already news about the new critical vulnerabilities reported to the Exim Mail transfer agent, which if exploited successfully, allows remot…
Critical Security Vulnerabilities Discovered in WebKitGTK and WPE WebKit
The WebKitGTK and WPE WebKit projects have disclosed multiple critical security vulnerabilities that affect the open-source web browser engine used i…
Progress Fixes Critical Pre-Auth RCE Flaws in WS_FTP Server
Progress Software Corporation subsidiary, Ipswitch has disclosed multiple high severity security flaws affecting WS_FTP Server software on all platf…
New MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!
Progress Software has released security updates for its MOVEit Transfer file transfer application. The updates fix a couple of SQL injection vulnerab…
Microsoft Uncovered Critical Flaws in Ncurses Library Impacting Linux and macOS
Microsoft researchers have recently discovered a series of critical memory corruption vulnerabilities in ncurses , an open-source library that enable…