This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T18:10:36+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch If it\'s exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.]]> 2024-10-22T21:39:33+00:00 https://www.darkreading.com/endpoint-security/samsung-zero-day-vuln-under-active-exploit-google-warns www.secnews.physaphae.fr/article.php?IdArticle=8601410 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.]]> 2024-10-22T21:10:34+00:00 https://www.darkreading.com/vulnerabilities-threats/opa-windows-vulnerability-exposes-ntlm-hashes www.secnews.physaphae.fr/article.php?IdArticle=8601412 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.]]> 2024-10-21T01:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/dprk-microsoft-zero-day-no-click-toast-attacks www.secnews.physaphae.fr/article.php?IdArticle=8600761 False Malware,Vulnerability,Threat APT 37 2.0000000000000000 Dark Reading - Informationweek Branch This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.]]> 2024-10-18T15:53:46+00:00 https://www.darkreading.com/application-security/vulnerabilities-ai-compete-software-developers-attention www.secnews.physaphae.fr/article.php?IdArticle=8599806 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn\'t helping.]]> 2024-10-16T19:30:02+00:00 https://www.darkreading.com/vulnerabilities-threats/hybrid-work-vulnerabilities-print-security www.secnews.physaphae.fr/article.php?IdArticle=8598881 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.]]> 2024-10-14T22:16:17+00:00 https://www.darkreading.com/cyberattacks-data-breaches/serious-adversaries-circle-ivanti-csa-flaws www.secnews.physaphae.fr/article.php?IdArticle=8597822 False Vulnerability,Threat,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch The bug is already being exploited in the wild, but Firefox has provided patches for those who may be vulnerable.]]> 2024-10-10T21:10:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/critical-mozilla-firefox-zero-day-code-execution www.secnews.physaphae.fr/article.php?IdArticle=8595626 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Vulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball?]]> 2024-10-10T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/vulnerability-prioritization-magic-8-ball www.secnews.physaphae.fr/article.php?IdArticle=8595359 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor\'s Cloud Services Appliance (CSA).]]> 2024-10-09T18:47:44+00:00 https://www.darkreading.com/cyberattacks-data-breaches/three-more-ivanti-cloud-vulns-exploited www.secnews.physaphae.fr/article.php?IdArticle=8594982 False Vulnerability,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch ​​​With careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengths​​.]]> 2024-10-09T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/building-cyber-resilience-smbs-limited-resources www.secnews.physaphae.fr/article.php?IdArticle=8594848 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Threat actors are actively exploiting two of the vulnerabilities, while three others are publicly known and ripe for attack.]]> 2024-10-08T21:48:57+00:00 https://www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now www.secnews.physaphae.fr/article.php?IdArticle=8594502 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.]]> 2024-10-04T19:49:14+00:00 https://www.darkreading.com/cyber-risk/iphone-voiceover-feature-read-passwords-aloud www.secnews.physaphae.fr/article.php?IdArticle=8592177 False Vulnerability,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Several of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity.]]> 2024-10-03T21:53:06+00:00 https://www.darkreading.com/endpoint-security/thousands-draytek-routers-at-risk-14-new-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8591561 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Ivanti reports that the bug is being actively exploited in the wild for select customers.]]> 2024-10-03T21:19:32+00:00 https://www.darkreading.com/threat-intelligence/cisa-high-severity-ivanti-vulnerability-kev-catalog www.secnews.physaphae.fr/article.php?IdArticle=8591562 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.]]> 2024-10-02T21:12:05+00:00 https://www.darkreading.com/vulnerabilities-threats/unix-printing-vulnerabilities-easy-ddos-attacks www.secnews.physaphae.fr/article.php?IdArticle=8590708 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch For development teams awash in vulnerability reports, reachability analysis can help tame the chaos and offer another path to prioritize exploitable issues.]]> 2024-09-30T20:02:53+00:00 https://www.darkreading.com/application-security/reachability-analysis-static-security-testing-overload www.secnews.physaphae.fr/article.php?IdArticle=8589390 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The vulnerability is the latest discovered in connected vehicles in recent years, and it points out the cyber dangers lurking in automotive APIs.]]> 2024-09-27T19:54:55+00:00 https://www.darkreading.com/endpoint-security/millions-kia-vehicles-remote-hacks-license-plate www.secnews.physaphae.fr/article.php?IdArticle=8586754 False Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it\'s not really a vulnerability.]]> 2024-09-27T19:16:44+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass www.secnews.physaphae.fr/article.php?IdArticle=8586756 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.]]> 2024-09-26T18:31:04+00:00 https://www.darkreading.com/application-security/congress-advances-bill-add-ai-nvd www.secnews.physaphae.fr/article.php?IdArticle=8585864 True Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Though the critical vulnerability was patched in August, Ivanti is reminding customers to update as soon as possible as attacks from unauthenticated threat actors start circulating.]]> 2024-09-25T18:03:57+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-adds-patched-ivanti-bug-kev-catalog www.secnews.physaphae.fr/article.php?IdArticle=8584937 False Vulnerability,Threat None 1.00000000000000000000 Dark Reading - Informationweek Branch The RISC-V chip architecture is gaining popularity worldwide, but the fact that it is easy to modify the processor design means it is also easy to introduce hard-to-patch vulnerabilities in the chips.]]> 2024-09-24T22:13:26+00:00 https://www.darkreading.com/endpoint-security/security-concerns-dog-emerging-chip-architecture www.secnews.physaphae.fr/article.php?IdArticle=8584716 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.]]> 2024-09-24T19:12:27+00:00 https://www.darkreading.com/ics-ot-security/critical-automated-tank-gauge-bugs-critical-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8584136 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippines, and South Korea.]]> 2024-09-23T01:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/china-earth-baxia-spies-geoserver-apac-orgs www.secnews.physaphae.fr/article.php?IdArticle=8582513 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The first patch lets threat actors with low-level credentials still exploit the vulnerability, while the second fully resolves the flaw.]]> 2024-09-19T19:57:21+00:00 https://www.darkreading.com/application-security/poc-exploit-for-rce-flaw-but-patches-from-veeam www.secnews.physaphae.fr/article.php?IdArticle=8579794 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The latest Secure by Design alert from CISA outlines recommended actions security teams should implement to reduce the prevalence of cross-site scripting vulnerabilities in software.]]> 2024-09-17T21:55:08+00:00 https://www.darkreading.com/application-security/cisa-urges-software-makers-eliminate-xss-flaws www.secnews.physaphae.fr/article.php?IdArticle=8579050 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.]]> 2024-09-17T09:49:32+00:00 https://www.darkreading.com/cloud-security/cloudimposer-flaw-google-cloud-affected-millions-servers www.secnews.physaphae.fr/article.php?IdArticle=8578481 False Vulnerability,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.]]> 2024-09-16T22:05:38+00:00 https://www.darkreading.com/application-security/void-banshee-exploits-second-microsoft-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8577979 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.]]> 2024-09-16T21:04:22+00:00 https://www.darkreading.com/threat-intelligence/ivanti-cloud-bug-exploit-alarms-raised www.secnews.physaphae.fr/article.php?IdArticle=8577950 False Vulnerability,Threat,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch This month\'s Patch Tuesday contains a total of 79 vulnerabilities - the fourth largest of the year.]]> 2024-09-10T21:08:47+00:00 https://www.darkreading.com/application-security/microsoft-discloses-4-zero-days-in-september-update www.secnews.physaphae.fr/article.php?IdArticle=8574167 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Researchers flagged a pair of Gallup site XSS vulnerabilities.]]> 2024-09-10T11:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/gallup-xss-bugs-website www.secnews.physaphae.fr/article.php?IdArticle=8575504 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account.]]> 2024-09-10T11:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/gallup-poll-bugs-open-door-to-election-misinformation www.secnews.physaphae.fr/article.php?IdArticle=8573811 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch CISA has added CE-2024-40766 to its known exploited vulnerabilities catalog.]]> 2024-09-09T20:39:23+00:00 https://www.darkreading.com/ics-ot-security/akira-ransomware-actors-exploit-sonicwall-bug-for-rce www.secnews.physaphae.fr/article.php?IdArticle=8573439 False Ransomware,Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.]]> 2024-09-06T19:44:38+00:00 https://www.darkreading.com/ics-ot-security/cisa-flags-ics-bugs-in-baxter-mitsubishi-products www.secnews.physaphae.fr/article.php?IdArticle=8571473 False Vulnerability,Industrial,Medical None 2.0000000000000000 Dark Reading - Informationweek Branch Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address.]]> 2024-08-29T19:34:28+00:00 https://www.darkreading.com/threat-intelligence/top-travel-sites-have-some-first-class-security-issues-to-clean-up www.secnews.physaphae.fr/article.php?IdArticle=8566389 False Vulnerability,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerability carries nearly the highest score possible on the CVSS scale, at 9.8, impacting a system used by major companies around the world.]]> 2024-08-29T19:10:56+00:00 https://www.darkreading.com/threat-intelligence/cisa-highlights-apache-ofbiz-flaw-after-poc-open-access www.secnews.physaphae.fr/article.php?IdArticle=8566390 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.]]> 2024-08-29T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/how-telecom-vulnerabilities-can-be-a-threat-to-cybersecurity-posture www.secnews.physaphae.fr/article.php?IdArticle=8566204 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.]]> 2024-08-29T01:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/south-korean-apt-exploits-1-click-wps-office-bug-nabs-chinese-intel www.secnews.physaphae.fr/article.php?IdArticle=8565784 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.]]> 2024-08-28T21:00:08+00:00 https://www.darkreading.com/ics-ot-security/cctv-zero-day-targeted-by-mirai-botnet-campaign www.secnews.physaphae.fr/article.php?IdArticle=8565658 False Malware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.]]> 2024-08-28T14:43:08+00:00 https://www.darkreading.com/ics-ot-security/hitachi-energy-vulnerabilities-plague-scada-power-systems www.secnews.physaphae.fr/article.php?IdArticle=8565468 False Vulnerability,Industrial None 4.0000000000000000 Dark Reading - Informationweek Branch The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.]]> 2024-08-27T20:56:41+00:00 https://www.darkreading.com/vulnerabilities-threats/poc-exploit-for-zero-click-vulnerability-made-available-to-the-masses www.secnews.physaphae.fr/article.php?IdArticle=8564934 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability database.]]> 2024-08-27T14:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers www.secnews.physaphae.fr/article.php?IdArticle=8564781 False Vulnerability,Threat Guam 3.0000000000000000 Dark Reading - Informationweek Branch Vulnerability gave attackers with access to a pod a way to obtain credentials and other secrets.]]> 2024-08-20T20:55:54+00:00 https://www.darkreading.com/application-security/azure-kubernetes-bug-lays-open-cluster-secrets www.secnews.physaphae.fr/article.php?IdArticle=8561178 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch AI jailbreaks are not vulnerabilities; they are expected behavior.]]> 2024-08-19T13:39:41+00:00 https://www.darkreading.com/application-security/assume-breach-when-building-ai-apps www.secnews.physaphae.fr/article.php?IdArticle=8561191 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.]]> 2024-08-15T18:51:26+00:00 https://www.darkreading.com/vulnerabilities-threats/solarwinds-critical-rce-bug-requires-urgent-patch www.secnews.physaphae.fr/article.php?IdArticle=8558286 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet.]]> 2024-08-13T20:56:46+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-discloses-10-zero-day-bugs-in-pacth-tuesday-update www.secnews.physaphae.fr/article.php?IdArticle=8557242 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Privilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers\' resources.]]> 2024-08-13T18:36:28+00:00 https://www.darkreading.com/application-security/microsoft-azure-ai-health-bot-infected-with-critical-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8557167 False Vulnerability,Medical None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerability has been around for nearly 20 years and gives sophisticated attackers a way to bury virtually undetectable bootkits on devices with EPYC and Ryzen microprocessors.]]> 2024-08-12T20:14:47+00:00 https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw www.secnews.physaphae.fr/article.php?IdArticle=8556559 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch As attack surfaces increase, partner networks widen, and security teams remain stretched, vulnerabilities and errors continue to be a daunting challenge.]]> 2024-08-09T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/tackling-vulnerabilities-and-errors-head-on-for-proactive-security www.secnews.physaphae.fr/article.php?IdArticle=8554715 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Researchers at Aqua Security discovered the "Shadow Resource" attack vector and the "Bucket Monopoly" problem, where threat actors can guess the name of S3 buckets based on their public account IDs.]]> 2024-08-08T12:00:00+00:00 https://www.darkreading.com/remote-workforce/critical-aws-vulnerabilities-allow-s3-attack-bonanza www.secnews.physaphae.fr/article.php?IdArticle=8554041 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The number of additions to the Known Exploited Vulnerabilities catalog is growing quickly, but even silent changes to already-documented flaws can help security teams prioritize.]]> 2024-08-07T22:05:00+00:00 https://www.darkreading.com/cybersecurity-analytics/monitoring-kev-list-for-changes-can-guide-security-teams www.secnews.physaphae.fr/article.php?IdArticle=8553676 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch A security vulnerability in Rockwell Automation\'s ControlLogix 1756 programmable logic controllers, tracked as CVE-2024-6242, could allow tampering with physical processes at plants.]]> 2024-08-06T13:00:00+00:00 https://www.darkreading.com/ics-ot-security/rockwell-plc-security-bypass-threatens-manufacturing-processes www.secnews.physaphae.fr/article.php?IdArticle=8552747 False Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide avenue into enterprise applications for cyberattackers.]]> 2024-08-05T19:15:23+00:00 https://www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce www.secnews.physaphae.fr/article.php?IdArticle=8552300 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch In a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services.]]> 2024-08-02T16:30:00+00:00 https://www.darkreading.com/cyber-risk/is-us-federal-government-increasing-cyber-risk-through-monoculture www.secnews.physaphae.fr/article.php?IdArticle=8549913 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Malicious actors could potentially exploit this vulnerability if they gain physical access to a user\'s device.]]> 2024-07-31T19:17:20+00:00 https://www.darkreading.com/vulnerabilities-threats/siri-bug-enables-data-theft-on-locked-apple-devices www.secnews.physaphae.fr/article.php?IdArticle=8548264 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The security vulnerabilities, CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396, could lay open proprietary and sensitive research to data thieves.]]> 2024-07-31T14:15:01+00:00 https://www.darkreading.com/threat-intelligence/dangerous-xss-bugs-redcap-academic-scientific-research www.secnews.physaphae.fr/article.php?IdArticle=8548042 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn\'t always the case.]]> 2024-07-26T13:43:47+00:00 https://www.darkreading.com/vulnerabilities-threats/could-intel-have-fixed-meltdown-spectre-earlier www.secnews.physaphae.fr/article.php?IdArticle=8544795 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Though IE was officially retired in June 2022, the vulnerability ramped up in January 2023 and has been going strong since.]]> 2024-07-25T19:46:46+00:00 https://www.darkreading.com/threat-intelligence/microsofts-internet-explorer-gets-revived-to-lure-in-windows-victims www.secnews.physaphae.fr/article.php?IdArticle=8544314 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch An exploit sold on an underground forum requires user action to download an unspecified malicious payload.]]> 2024-07-23T16:21:16+00:00 https://www.darkreading.com/cyberattacks-data-breaches/attackers-exploit-evilvideo-telegram-zero-day-malware www.secnews.physaphae.fr/article.php?IdArticle=8542846 False Malware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.]]> 2024-07-22T18:18:55+00:00 https://www.darkreading.com/application-security/swipe-right-for-data-leaks-dating-apps-expose-location-more www.secnews.physaphae.fr/article.php?IdArticle=8542270 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerability was given the highest CVSS score possible, though few details have been released due to its severity.]]> 2024-07-18T19:17:59+00:00 https://www.darkreading.com/vulnerabilities-threats/high-severity-cisco-bug-grants-attackers-password-access www.secnews.physaphae.fr/article.php?IdArticle=8539766 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch 2024-07-17T21:00:46+00:00 https://www.darkreading.com/application-security/tumeryk-inc-launches-with-free-gen-ai-llm-vulnerability-scanner www.secnews.physaphae.fr/article.php?IdArticle=8539107 False Vulnerability TYPEFRAME 3.0000000000000000 Dark Reading - Informationweek Branch The threat group used CVE-2024-38112 and a "zombie" version of IE to spread Atlantida Stealer through purported PDF versions of reference books.]]> 2024-07-16T14:30:59+00:00 https://www.darkreading.com/threat-intelligence/void-banshee-apt-microsoft-zero-day-spear-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8538228 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Agencies say flaws are preventable and can be addressed with secure-by-design principles.]]> 2024-07-12T14:50:26+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-fbi-warn-of-os-command-injection-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8535875 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Likely two separate threat actors are using the just-patched CVE-2024-38112 in targeted, concurrent infostealer campaigns.]]> 2024-07-10T19:59:19+00:00 https://www.darkreading.com/application-security/attackers-have-been-leveraging-microsoft-zero-day-for-18-months www.secnews.physaphae.fr/article.php?IdArticle=8534517 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The state-sponsored threat group is capable of exploiting fresh software vulnerabilities within hours of their initial discovery.]]> 2024-07-09T17:08:06+00:00 https://www.darkreading.com/endpoint-security/chinese-apt40-exploits-nday-vulns-rapid-pace www.secnews.physaphae.fr/article.php?IdArticle=8533656 False Vulnerability,Threat APT 40 3.0000000000000000 Dark Reading - Informationweek Branch The exploitation of vulnerabilities in Ivanti\'s software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.]]> 2024-07-09T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-takedown-ivanti-systems-is-wake-up-call www.secnews.physaphae.fr/article.php?IdArticle=8533509 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco\'s NX-OS Software for managing a variety of switches, executing commands and dropping custom malware.]]> 2024-07-02T13:18:22+00:00 https://www.darkreading.com/vulnerabilities-threats/patch-now-cisco-zero-day-chinese-apt www.secnews.physaphae.fr/article.php?IdArticle=8529462 False Malware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch If security researchers can execute a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor, Google will make it worth their while.]]> 2024-07-01T20:35:22+00:00 https://www.darkreading.com/cloud-security/google-opens-250k-bug-bounty-contest-for-vm-hypervisor www.secnews.physaphae.fr/article.php?IdArticle=8529336 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade.]]> 2024-07-01T14:18:18+00:00 https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection www.secnews.physaphae.fr/article.php?IdArticle=8529270 False Malware,Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate.]]> 2024-06-27T17:38:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/moveit-transfer-flaws-security-defense-attackers www.secnews.physaphae.fr/article.php?IdArticle=8526696 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.]]> 2024-06-26T20:24:48+00:00 https://www.darkreading.com/vulnerabilities-threats/apple-airpods-bug-allows-eavesdropping www.secnews.physaphae.fr/article.php?IdArticle=8526172 False Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January.]]> 2024-06-25T19:36:10+00:00 https://www.darkreading.com/cyberattacks-data-breaches/threat-actor-may-have-accessed-sensitive-info-on-cisa-chemical-app www.secnews.physaphae.fr/article.php?IdArticle=8525519 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?]]> 2024-06-24T18:57:13+00:00 https://www.darkreading.com/application-security/building-application-security-into-shadow-it www.secnews.physaphae.fr/article.php?IdArticle=8524818 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions\' cybersecurity frameworks as well as the importance of regulatory oversight.]]> 2024-06-24T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/nyse-10-million-wake-up-call www.secnews.physaphae.fr/article.php?IdArticle=8524661 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch 2024-06-21T20:22:08+00:00 https://www.darkreading.com/cloud-security/vicone-solutions-for-detection-of-zero-day-vulnerabilities-and-contextualized-attack-paths www.secnews.physaphae.fr/article.php?IdArticle=8522956 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache.]]> 2024-06-20T20:42:22+00:00 https://www.darkreading.com/vulnerabilities-threats/high-risk-overflow-bug-in-intel-chips-likely-impacts-100s-of-pc-models www.secnews.physaphae.fr/article.php?IdArticle=8522161 False Vulnerability,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch With the requirement that all vulnerabilities first get reported to the Chinese government, once-private vulnerability research has become a goldmine for China\'s offensive cybersecurity programs.]]> 2024-06-18T01:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/bug-bounty-programs-hacking-contests-power-chinas-cyber-offense www.secnews.physaphae.fr/article.php?IdArticle=8520110 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Why the company took so long to address the issue is not known given that most other stakeholders had a fix out for the issue months ago.]]> 2024-06-13T14:30:35+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-late-dangerous-dnssec-zero-day-flaw www.secnews.physaphae.fr/article.php?IdArticle=8517185 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Nvidia\'s latest GPUs are a hot commodity for AI, but security vulnerabilities could expose them to attacks from hackers.]]> 2024-06-12T22:17:12+00:00 https://www.darkreading.com/vulnerabilities-threats/nvidia-patches-high-severity-flaws-in-gpu-drivers www.secnews.physaphae.fr/article.php?IdArticle=8517189 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.]]> 2024-06-12T15:41:26+00:00 https://www.darkreading.com/vulnerabilities-threats/tellyouthepass-ransomware-exploits-critical-php-flaw www.secnews.physaphae.fr/article.php?IdArticle=8517194 False Ransomware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities.]]> 2024-06-10T13:31:29+00:00 https://www.darkreading.com/vulnerabilities-threats/choices-for-stronger-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8516301 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs.]]> 2024-06-07T18:04:34+00:00 https://www.darkreading.com/vulnerabilities-threats/solarwinds-flaw-flagged-by-nato-pen-tester www.secnews.physaphae.fr/article.php?IdArticle=8514842 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch One monitoring firm has detected exploitation attempts targeting CVE-2024-24919 from more than 780 unique IP addresses in the past week.]]> 2024-06-06T20:16:47+00:00 https://www.darkreading.com/cyberattacks-data-breaches/attacks-surge-on-check-points-recent-vpn-zero-day-flaw www.secnews.physaphae.fr/article.php?IdArticle=8514313 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and partnership with CISA.]]> 2024-06-04T13:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/nist-commits-to-plan-resume-nvd-work www.secnews.physaphae.fr/article.php?IdArticle=8513070 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The agency aims to burn down the backlog of vulnerabilities that need enrichment using additional funding and a third-party contract, but what\'s the long-term solution?]]> 2024-06-04T13:00:00+00:00 https://www.darkreading.com/application-security/nist-commits-to-vulnerability-plan-but-researchers-concerns-remain www.secnews.physaphae.fr/article.php?IdArticle=8513002 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Companies are looking to large language models to help their employees glean information from unstructured data, but vulnerabilities could lead to disinformation and, potentially, data leaks.]]> 2024-05-30T19:53:04+00:00 https://www.darkreading.com/application-security/flawed-ai-tools-create-worries-for-private-llms-chatbots www.secnews.physaphae.fr/article.php?IdArticle=8510203 False Tool,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch By adopting a stance of coordinated disclosure for exploits, security researchers can give organizations time to patch vulnerabilities before they are exploited in the wild.]]> 2024-05-30T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/argument-for-coordinated-disclosure-of-new-exploits www.secnews.physaphae.fr/article.php?IdArticle=8510026 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch It\'s time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to reflect real-world risks and a tiered verification process to establish potential impact could slow misleading submissions.]]> 2024-05-29T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/why-cves-are-an-incentives-problem www.secnews.physaphae.fr/article.php?IdArticle=8509315 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch In attacks over the past three months, threat actors have exploited more than 80 vulnerabilities to accelerate distribution of the Mirai variant.]]> 2024-05-28T21:01:11+00:00 https://www.darkreading.com/cyberattacks-data-breaches/catddos-threat-groups-sharply-ramp-up-ddos-attacks www.secnews.physaphae.fr/article.php?IdArticle=8508829 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.]]> 2024-05-24T15:31:07+00:00 https://www.darkreading.com/vulnerabilities-threats/google-discovers-fourth-zero-day-in-less-than-a-month www.secnews.physaphae.fr/article.php?IdArticle=8506193 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix's Genie open source platform, which is a treasure trove of information and connections to other internal services.]]> 2024-05-22T13:00:00+00:00 https://www.darkreading.com/application-security/netflix-fixes-critical-vulnerability-on-big-data-orchestration-service www.secnews.physaphae.fr/article.php?IdArticle=8504731 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Since its inception, three key factors have affected the NVD\'s ability to classify security concerns - and what we\'re experiencing now is the result.]]> 2024-05-16T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/fall-of-national-vulnerability-database www.secnews.physaphae.fr/article.php?IdArticle=8500970 False Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it\'s addressed in the past week.]]> 2024-05-16T12:48:06+00:00 https://www.darkreading.com/vulnerabilities-threats/patch-now-google-zero-day-exploit www.secnews.physaphae.fr/article.php?IdArticle=8500933 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.]]> 2024-05-15T15:42:28+00:00 https://www.darkreading.com/vulnerabilities-threats/d-link-routers-vulnerable-to-takeover-via-exploit-for-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8500295 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch CVE-2024-30051, under active exploit, is the most concerning out of this month\'s Patch Tuesday offerings, and already being abused by several QakBot actors.]]> 2024-05-14T22:38:41+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-windows-dwm-zero-day-mass-exploit www.secnews.physaphae.fr/article.php?IdArticle=8499845 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.]]> 2024-05-14T16:34:24+00:00 https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape www.secnews.physaphae.fr/article.php?IdArticle=8499664 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Ten years have passed since Heartbleed was first identified, but the security industry is still grappling with the question of branded vulnerabilities and naming vulnerabilities appropriately.]]> 2024-05-13T22:24:27+00:00 https://www.darkreading.com/vulnerabilities-threats/heartbleed-when-is-it-good-to-name-a-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8499539 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Researchers discovered seven vulnerabilities - including an unauthenticated RCE issue - in widely deployed Telit Cinterion modems.]]> 2024-05-10T21:31:47+00:00 https://www.darkreading.com/ics-ot-security/millions-of-iot-devices-at-risk-from-flaws-in-integrated-cellular-modem www.secnews.physaphae.fr/article.php?IdArticle=8497476 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.]]> 2024-05-07T20:50:29+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-kev-catalog-speed-up-remediation www.secnews.physaphae.fr/article.php?IdArticle=8495461 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi\'s File Manager, has at least 1 billion installations.]]> 2024-05-02T21:59:01+00:00 https://www.darkreading.com/cloud-security/billions-android-devices-open-dirty-stream-attack www.secnews.physaphae.fr/article.php?IdArticle=8492625 False Vulnerability,Mobile None 2.0000000000000000