Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: vulnerability Clear Filter

Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild

zdnet.com Charlie Osborne 2025-09-20 15:26:08

Sabrina Ortiz/ZDNET Follow ZDNET: Add us as a preferred source on Google. ZDNET's key takeaways Samsung issued a patch for a zero-day vulnerability. Android devices are affected by ongoing attacks in the wild. Samsung users should accept security updates immediately. Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users. All impacted phone models will receive the fix, which patches a vulnerability tracked as CVE-2025-21043. The security flaw

Topics: 2025 cve samsung security vulnerability
Read More
Shop Amazon

Stop waiting on NVD — get real-time vulnerability alerts now

bleepingcomputer.com Unknown 2025-09-24 23:01:11

In today’s fast-paced digital environment, cybersecurity is no longer optional - it’s essential. Vulnerability management has become a core component of every security strategy and keeping track of vulnerability alerts is an issue facing many businesses. It doesn’t take much for even a small business to have hundreds, if not thousands of software across their systems. With nearly 10% of vulnerabilities exploited in 2024, a business could easily have dozens of possible breaches in the offing if

Topics: alerts information secalerts vulnerabilities vulnerability
Read More
Shop Amazon

SAP warns of high-severity vulnerabilities in multiple products

arstechnica.com Unknown 2025-10-02 22:55:22

As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected vulnerabilities in its other widely used products, including a security flaw with a maximum-severity rating of 10. SAP on Tuesday said the highest-severity vulnerability—with a rating of 10 out of a possible 10—was found in NetWeaver, a platform that serves as the technical foundation for many of the company’s

Topics: 10 rating sap severity vulnerability
Read More
Shop Amazon

As hackers exploit one high-severity SAP flaw, company warns of 3 more

arstechnica.com Unknown 2025-10-03 03:55:22

As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected vulnerabilities in its other widely used products, including a security flaw with a maximum-severity rating of 10. SAP on Tuesday said the highest-severity vulnerability—with a rating of 10 out of a possible 10—was found in NetWeaver, a platform that serves as the technical foundation for many of the company’s

Topics: 10 rating sap severity vulnerability
Read More
Shop Amazon

Computing’s Top 30: Nipun Jaswal

computer.org Laurel Tweed 2025-10-05 01:00:15

To keep his edge, international cybersecurity expert Nipun Jaswal does more than stay up on current security threats and trends; he literally keeps his hands in the game, regularly coding—in up to 10 different languages—and doing lab work including exploring attack vectors and hunkering down with disassemblers and debuggers. Remaining “deeply technical” is not just part of his practice, it’s also fundamental to his leadership philosophy, which centers on staying curious and “close to the core o

Topics: cybersecurity just security technical vulnerability
Read More
Shop Amazon

Critical SAP S/4HANA vulnerability now exploited in attacks

bleepingcomputer.com Unknown 2025-10-08 11:36:35

A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. The flaw, tracked as CVE-2025-42957, is an ABAP code injection problem in an RFC-exposed function module of SAP S/4HANA, allowing low-privileged authentication users to inject arbitrary code, bypass authorization, and fully take over SAP. The vendor fixed the vulnerability on August 11, 2025, rating it critical (CVSS score: 9.9). However, several systems h

Topics: 2025 code sap securitybridge vulnerability
Read More
Shop Amazon

Critical Docker Desktop flaw lets attackers hijack Windows hosts

bleepingcomputer.com Unknown 2025-10-28 14:11:51

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The security issue is a server-side request forgery (SSRF) now identified as CVE-2025-9074, and it received a critical severity rating of 9.3. “A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mou

Topics: container docker macos vulnerability windows
Read More
Shop Amazon

Copilot broke audit logs, but Microsoft won't tell customers

news.ycombinator.com Zack Korman 2025-11-05 16:18:00

Like most tech companies, Microsoft is going all-in on AI. Their flagship AI product, Copilot (in all its various forms), allows people to utilize AI in their daily work to interact with Microsoft services and generally perform tasks. Unfortunately, this also creates a wide range of new security problems. On July 4th, I came across a problem in M365 Copilot: Sometimes it would access a file and return the information, but the audit log would not reflect that. Upon testing further, I discovered

Topics: audit copilot log microsoft vulnerability
Read More
Shop Amazon

Plex warns users to patch security vulnerability immediately

bleepingcomputer.com Unknown 2025-11-13 11:41:16

Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. The company has yet to assign a CVE-ID to track the flaw and didn't provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x. Yesterday, four days after releasing security updates that addressed the mysterious security bug, Plex emailed those running affected versions to update their software

Topics: media plex security server vulnerability
Read More
Shop Amazon

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

bleepingcomputer.com Unknown 2025-11-21 00:31:49

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. Tracked as CVE-2025-5777 and referred to as CitrixBleed 2, this out-of-bounds memory read vulnerability results from insufficient input validation, enabling unauthenticated attackers to access restricted memory regions remotely on devices configured as a Gateway (VPN virtual server, ICA Pro

Topics: 2025 attacks citrix cve vulnerability
Read More
Shop Amazon

High-severity WinRAR 0-day exploited for weeks by 2 groups

news.ycombinator.com Unknown 2025-11-21 10:19:47

A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached to phishing messages, some of which are personalized. Security firm ESET said Monday that it first detected the attacks on July 18, when its telemetry spotted a file in an unusual directory path. By July 24, ESET determined that the behavior was linked to the exploitation of an unknown vulnerability

Topics: attacks eset group vulnerability winrar
Read More
Shop Amazon

High-severity WinRAR 0-day exploited for weeks by 2 groups

arstechnica.com Unknown 2025-11-21 20:13:14

A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached to phishing messages, some of which are personalized. Security firm ESET said Monday that it first detected the attacks on July 18, when its telemetry spotted a file in an unusual directory path. By July 24, ESET determined that the behavior was linked to the exploitation of an unknown vulnerability

Topics: attacks eset group vulnerability winrar
Read More
Shop Amazon

SonicWall urges admins to disable SSLVPN amid rising attacks

bleepingcomputer.com Unknown 2025-12-05 11:28:38

SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. The warning comes after Arctic Wolf Labs reported on Friday that it had observed multiple Akira ransomware attacks, likely using a SonicWall zero-day vulnerability, since July 15th. "The initial access methods have not yet been confirmed in this campaign," the Arctic Wolf Labs research

Topics: attacks day sonicwall vpn vulnerability
Read More
Shop Amazon

SonicWall firewall devices hit in surge of Akira ransomware attacks

bleepingcomputer.com Unknown 2025-12-09 05:28:20

SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf. Akira emerged in March 2023 and quickly claimed many victims worldwide across various industries. Over the last two years, Akira has added over 300 organizations to its dark web leak portal and claimed responsibility for multiple high-profile victims, including Nissan

Topics: arctic attacks sonicwall vulnerability wolf
Read More
Shop Amazon

Critical vulnerability in AI coding platform Base44 allowing unauthorized access

news.ycombinator.com Unknown 2025-12-13 00:12:32

One of the most profoundly transformed domains in the wake of the LLM revolution has been code generation, especially the rise of vibe coding, where natural language prompts replace traditional programming. This shift has empowered millions of users with little to no technical background to build fully functional applications with ease. Platforms like Loveable, Bolt, and Base44 are on the front of this movement - they have enabled the creation of millions of applications spanning from persona

Topics: applications base44 platforms security vulnerability
Read More
Shop Amazon

Critical Vulnerability in AI Vibe Coding platform Base44

news.ycombinator.com Unknown 2025-12-14 18:12:32

One of the most profoundly transformed domains in the wake of the LLM revolution has been code generation, especially the rise of vibe coding, where natural language prompts replace traditional programming. This shift has empowered millions of users with little to no technical background to build fully functional applications with ease. Platforms like Loveable, Bolt, and Base44 are on the front of this movement - they have enabled the creation of millions of applications spanning from persona

Topics: applications base44 platforms security vulnerability
Read More
Shop Amazon

Critical Vulnerability Discovered 11 Days After Wix Buys Base44

news.ycombinator.com Unknown 2025-12-15 00:12:32

One of the most profoundly transformed domains in the wake of the LLM revolution has been code generation, especially the rise of vibe coding, where natural language prompts replace traditional programming. This shift has empowered millions of users with little to no technical background to build fully functional applications with ease. Platforms like Loveable, Bolt, and Base44 are on the front of this movement - they have enabled the creation of millions of applications spanning from persona

Topics: applications base44 platforms security vulnerability
Read More
Shop Amazon

SploitLight: Microsoft warns macOS flaw could leak Apple Intelligence metadata

9to5mac.com Zac Hall 2025-12-20 15:44:51

Microsoft has detailed a serious macOS vulnerability that could allow malicious apps to bypass system privacy protections. Dubbed “SploitLight,” the flaw exploited how Spotlight indexes plugin data to access sensitive files and Apple Intelligence metadata. Apple addressed the issue in macOS in March, but users on older versions could be at risk. Microsoft alerted Apple to the exploit upon discovery, leading to its fix in macOS earlier this year. From Microsoft’s security blog: Microsoft Threat

Topics: apple exploit macos microsoft vulnerability
Read More
Shop Amazon

What to know about ToolShell, the SharePoint threat under mass exploitation

arstechnica.com Unknown 2025-12-27 20:14:40

Government agencies and private industry have been under siege over the past four days following the discovery that a critical vulnerability in SharePoint, the widely used document-sharing app made by Microsoft, is under mass exploitation. Since that revelation, the fallout and the ever-increasing scope of the attacks have been hard to keep track of. What follows are answers to some of the most common questions about the vulnerability and the ongoing exploitation of it, which collectively is be

Topics: exploitation microsoft security sharepoint vulnerability
Read More
Shop Amazon

ExpressVPN patches Windows bug that exposed remote desktop traffic

engadget.com Unknown 2025-12-28 10:15:07

The vulnerability would have been hard to exploit, but might have leaked the real IP addresses of RDP users. ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or any other traffic through TCP port 3389. ExpressVPN announced both the vulnerability and the fix in a blog post earlie

Topics: 3389 expressvpn patch traffic vulnerability
Read More
Shop Amazon

Hundreds of organizations breached by SharePoint mass-hacks

techcrunch.com Zack Whittaker 2025-12-29 05:32:09

Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signalling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity firm that first identified the vulnerability in SharePoint, a popular server software that companies use to store and share internal documents, said it had identified hundreds of affected SharePoint servers by scanning the

Topics: affected bug exploiting sharepoint vulnerability
Read More
Shop Amazon

SharePoint vulnerability with 9.8 severity rating under exploit across globe

arstechnica.com Unknown 2026-01-02 15:30:09

Authorities and researchers are sounding the alarm over the active mass exploitation of a high-severity vulnerability in Microsoft SharePoint Server that’s allowing attackers to make off with sensitive company data, including authentication tokens used to access systems inside networks. Researchers said anyone running an on-premises instance of SharePoint should assume their networks are breached. The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 1

Topics: 2025 cve microsoft sharepoint vulnerability
Read More
Shop Amazon

New CrushFTP zero-day exploited in attacks to hijack servers

bleepingcomputer.com Unknown 2026-01-03 22:24:29

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. CrushFTP is an enterprise file transfer server used by organizations to securely share and manage files over FTP, SFTP, HTTP/S, and other protocols. According to CrushFTP, threat actors were first detected exploiting the vulnerability on July 18th at 9AM CST, though it may have begun

Topics: crushftp default http prior vulnerability
Read More
Shop Amazon

CrushFTP zero-day exploited in attacks to gain admin access on servers

bleepingcomputer.com Unknown 2026-01-04 10:24:29

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. CrushFTP is an enterprise file transfer server used by organizations to securely share and manage files over FTP, SFTP, HTTP/S, and other protocols. According to CrushFTP, threat actors were first detected exploiting the vulnerability on July 18th at 9AM CST, though it may have begun

Topics: crushftp default http prior vulnerability
Read More
Shop Amazon

UK launches vulnerability research program for external experts

bleepingcomputer.com Unknown 2026-01-16 00:21:22

UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to improve discovery and sharing of critical insights with the community more expeditiously. The NCSC is the UK's cybersecurity authority

Topics: external ncsc uk vri vulnerability
Read More
Shop Amazon

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now

bleepingcomputer.com Unknown 2026-01-18 15:41:39

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. FortiWeb is a web application firewall (WAF), which is used to protect web applications from malicious HTTP traffic and threats. The FortiWeb vulnerability has a 9.8/10 severity score and is tracked as CVE-2025-25257. Fortinet fixed it last week in FortiWeb 7.6.4, 7.4.8, 7.2.11, and 7.0.11 and later versio

Topics: code flaw fortiweb sql vulnerability
Read More
Shop Amazon

CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch

bleepingcomputer.com Unknown 2026-01-19 15:45:57

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. Such a short deadline for installing the patches is unprecedented since CISA released the Known Exploited Vulnerabilities (KEV) catalog, showing the severity of the attacks exploiting the security issue. The agency added the flaw to its Known Exploited Vulnerabiliti

Topics: citrix citrixbleed cve exploitation vulnerability
Read More
Shop Amazon

Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

bleepingcomputer.com Unknown 2026-01-27 10:30:56

Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. This Patch Tuesday also fixes fourteen "Critical" vulnerabilities, ten of which are remote code execution vulnerabilities, one is an information disclosure, and two are AMD side channel attack flaws. The number of bugs in each vulnerability category is listed below: 53 Elevation of Privilege Vulnerabilities 8 Security Fe

Topics: 2025 cve important vulnerability windows
Read More
Shop Amazon

Actively exploited vulnerability gives extraordinary control over server fleets

arstechnica.com Unknown 2026-02-16 18:52:42

Hackers are exploiting a maximum-severity vulnerability that has the potential to give them complete control over thousands of servers, many of which handle mission-critical tasks inside data centers, the US Cybersecurity and Infrastructure Security Agency is warning. The vulnerability, carrying a severity rating of 10 out of a possible 10, resides in the AMI MegaRAC, a widely used firmware package that allows large fleets of servers to be remotely accessed and managed even when power is unavai

Topics: 10 bmcs compromise servers vulnerability
Read More
Shop Amazon

Active exploitation of AMI management tool imperils thousands of servers

arstechnica.com Unknown 2026-02-17 00:52:42

Hackers are exploiting a maximum-severity vulnerability that has the potential to give them complete control over thousands of servers, many of which handle mission-critical tasks inside data centers, the US Cybersecurity and Infrastructure Security Agency is warning. The vulnerability, carrying a severity rating of 10 out of a possible 10, resides in the AMI MegaRAC, a widely used firmware package that allows large fleets of servers to be remotely accessed and managed even when power is unavai

Topics: 10 bmcs compromise servers vulnerability
Read More
Shop Amazon
Trending Topics
Hot Now
ai 3586 apple 2977 new 2364 google 1994 content 1714
Popular
like 1480 company 1409 pro 1305 iphone 1130 app 1115 zdnet 1097 said 1044 data 1038 does 899 reviews 885
Emerging
editorial 864 amazon 854 game 801 samsung 766 phone 757 pixel 754 android 732 just 712 available 680 users 676
About GoKawiil

GoKawiil is a project by nerdhub.co that curates technology news from trusted sources. We built this site to provide a cleaner, more mobile-friendly experience without intrusive ads or heavy JavaScript.

Privacy

Your privacy matters. GoKawiil doesn't use Google Analytics or Facebook Pixel. The only tracking occurs through affiliate links to Amazon.

Advertising

Interested in advertising? Contact us at [email protected]