Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Over 46,000 Grafana instances exposed to account takeover bug

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. The flaw is tracked as CVE-2025-4123 and impacts multiple versions of the open-source platform used for monitoring and visualizing infrastructure and application metrics. The vulnerability was discovered by bug bounty hunter Alvaro Balada and was addressed in security updates that Grafana Labs released on May

Best Cheap Home Security Systems for 2025: I Found the Real Deals

Not sure how to make up your mind? Here are the most important factors when considering a home security system that will spare your wallet. Pricing and subscriptions Security systems can be opaque when it comes to final pricing. The listed cost is often replaced by constant, rotating discounts which are more representative of the actual cost, and total subscription fees may not be obvious. For our list, we chose DIY companies with upfront pricing models so you can see what you get,

Ruby on Rails Audit Complete

The Open Source Technology Improvement Fund is proud to share the results of our security audit of Ruby on Rails. Ruby on Rails (or “Rails”) is an open source full stack web-application framework. Thanks to the help of X41 D-Sec, GitLab, and the Sovereign Tech Agency, Rails can provide more secure versions of the tools needed for users to create database-backed web applications following the Model-View-Controller pattern. Audit Process: The audit work for this engagement took place over Decemb

Infineon security microcontroller flaw enabled extraction of TPM secret keys

A few months ago, security researcher Thomas Roche presented his fundamental research on secure elements used in the YubiKey 5. The security element is the Infineon SLE78, which contains a proprietary implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA). Using side-channel attacks and a great deal of smart research, the author discovered a vulnerability in Infineon Technologies' cryptographic library and, as a result, was able to extract the ECDSA secret key from the secure

So... You Want to Become a Penetration Tester?

Cybersecurity is a rapidly growing and evolving field with a wide range of subfields and specializations. One of these is penetration testing, a discipline within what's known as "red teaming," which seeks to actively find and exploit vulnerabilities within computer systems (with permission, of course). It's an exciting and rewarding career, and I'll show you how to become a penetration tester. Before I continue, however, let me be transparent about my own experience. While I have about three

Red team AI now to build safer, smarter models tomorrow

Editor’s note: Louis will lead an editorial roundtable on this topic at VB Transform this month. AI models are under siege. With 77% of enterprises already hit by adversarial model attacks and 41% of those attacks exploiting prompt injections and data poisoning, attackers’ tradecraft is outpacing existing cyber defenses.

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known. In November 2024, researchers at the security firm Qurium publishe

Frequent reauth doesn't make you more secure

You're happily working away, fingers flying, deep in flow, and suddenly, boink, your session has expired. You sigh, re-enter your password (again), complete an MFA challenge (again), maybe approve an email notification (again), and finally — access restored. Until next time. This wasn't so bad when it was just passwords; we all got pretty fast at retyping our passwords. But all those MFA challenges really slow us down. And MFA fatigue attacks, a gro

Microsoft fixes first known zero-click attack on an AI agent

TL;DR: Microsoft has patched a critical zero-click vulnerability in Copilot that allowed remote attackers to automatically exfiltrate sensitive user data simply by sending an email. Dubbed "EchoLeak," the security flaw is being described by cybersecurity researchers as the first known zero-click attack targeting an AI assistant. EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, Excel, Outlook, PowerPoint, and Teams. Accordin

Can You Legally Record Audio or Video on Your Security Camera? I Focus on These Rules

If you're thinking about installing a new security camera in your home, a legal question appears: Is it legal for you to record audio and video anywhere you want in your home? Are there limitations or the possibility of lawsuits from your neighbors? This is something I've thought about a lot as I've tested security cameras in all parts of my home for years. Owners must know when and where it's legal to record everything from their front yard and streets to friends, babysitters, and pet sitters.

Conveyor uses AI to automate the painful process of vendor security reviews and RFPs with AI

Selling software to companies is such a time-consuming process. Even after customers are convinced a product is right for their organization, they still need to ensure the software meets all their security requirements. Chas Ballew realized just how painfully slow and tedious the vendor security and compliance review process was when he was running Aptible, a hosting platform for healthcare companies that he co-founded in 2013. “What we saw was that every time one of our customers was trying to

Two exploits are threatening Secure Boot, but Microsoft is only patching one of them

Facepalm: Microsoft and the PC industry developed the Secure Boot protocol to prevent modern UEFI-based computers from being hacked or compromised during the boot process. However, just a few years later, the technology is plagued by a steady stream of serious security vulnerabilities. Cybercriminals are currently having a field day with Secure Boot. Security experts have uncovered two separate vulnerabilities that are already being exploited in the wild to bypass SB's protections. Even more co

Anduril CEO Palmer Luckey says the defense tech company will 'definitely' go public

Defense tech startup Anduril Industries will go public, founder and CEO Palmer Luckey said Tuesday. "We are definitely going to be a publicly traded company," he told CNBC's "Closing Bell: Overtime." "We are running this company to be the shape of a publicly traded company." He added that there isn't "really a path" for a company like Anduril to win significant trillion-dollar defense contracts without going public. Luckey did not detail an IPO timeline. Since its founding, Anduril has risen

The hunt for Marie Curie's radioactive fingerprints in Paris

Marie Curie worked with radioactive material with her bare hands. More than 100 years after her groundbreaking work, Sophie Hardach travels to Paris to trace the lingering radioactive fingerprints she left behind. The Geiger counter starts flashing and buzzing as I hold it against the 100-year-ol

Security Service Edge (SSE): Powering the Modern Hybrid Workplace

The way we work has fundamentally shifted. Hybrid models, where employees split their time between the office and remote locations, are no longer a niche trend but a widespread reality. This evolution offers numerous benefits, including increased flexibility and improved work-life balance. However, it also presents significant challenges for IT and security teams tasked with ensuring seamless access to applications and protecting sensitive data outside the traditional corporate perimeter. Securi

Think before you click: Experts warn email "Unsubscribe" links pose security risks

In a nutshell: A common rule of thumb advises unsubscribing from commercial emails if they are annoying or outright spam. However, some experts caution against this advice, as clicking the "unsubscribe" button can expose users to additional risks and security issues. According to TK Keanini, CTO at DNSFilter, the "click to unsubscribe" option found at the bottom of many commercial emails can become a security risk over time. Users often click these links blindly in an attempt to stop the flood

‘Generative AI helps us bend time’: CrowdStrike, Nvidia embed real-time LLM defense, changing how enterprises secure AI

Generative AI adoption has surged by 187% over the past two years. But at the same time, enterprise security investments focused specifically on AI risks have grown by only 43%, creating a significant gap in preparedness as AI attack surfaces rapidly expand. More than 70% of enterprises experienced at least one AI-related breach in the pa

ConnectWise rotating code signing certificates over security concerns

ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. Digital certificates are used to sign executables so those downloading the files know they come from a trusted source. This ensures that code has not been tampered with before it reaches the end user. According to ConnectWise, the decision was taken after a third-party security researcher raised conc

Switch 2 Blows Past Records to Reach 3.5 Million Sales in Just 4 Days

Tyler Lacoma Editor / Home Security For more than 10 years Tyler has used his experience in smart home tech to craft how-to guides, explainers, and recommendations for technology of all kinds. From using his home in beautiful Bend, OR as a testing zone for the latest security products to digging into the nuts and bolts of the best data privacy guidelines, Tyler has experience in all aspects of protecting your home and belongings. With a BA in Writing from George Fox and certification in Technic

Senators Warn DOGE’s Social Security Administration Work Could Break Benefits

Democratic senators have concerns that the so-called Department of Government Efficiency (DOGE) could break the Social Security Administration’s tech infrastructure. In a new letter addressed to SSA commissioner Frank Bisignano, senators Elizabeth Warren and Ron Wyden say that DOGE’s plans to “hastily upgrade” Social Security IT systems could disrupt the delivery of benefits or result in mass data losses. The warning comes after WIRED reported in March that DOGE officials were planning to rebui

2 Best Self-Cleaning Water Bottles in 2025

The CrazyCap bottle has two water purification modes: normal mode and "crazy mode." According to CrazyCap, normal mode kills up to 99.99% of contaminants and is suitable for "low to medium contamination," such as from public water fountains and tap faucets. Crazy mode, on the other hand, kills up to 99.9996% of contaminants and is suitable for "medium to high contamination," such as from lakes and rivers. The normal purification cycle takes 60 seconds and the crazy purification cycle takes two a

Security Bite: Apple’s push for chip independence will benefit device security the most

Since the launch of the M-series processors and now the C1 cellular modem, Apple has been slowly but surely moving toward complete chip independence. The company is even working on its own Bluetooth and Wi-Fi solution, which is reportedly coming with new Home products and the iPhone 17 lineup in the Fall. One obvious benefit of developing chips in-house is energy efficiency. Apple touted this with the introduction of Apple Silicon what feels like a hundred years ago, and this week with its firs

DOGE’s USDS Purge Included the Guy Who Keeps Veterans’ Data Safe Online

When the so-called Department of Government Efficiency recently fired dozens of people from the US Digital Service—the agency DOGE subsumed last month—it may not have realized the extent of the collateral damage. The USDS doesn't operate in a vacuum; part of its longtime mandate is to consult with federal agencies to help improve their digital platforms and websites. So when DOGE terminated Jonathan Kamens in its agency purge, it may not have fully grasped that it was firing the security lead f

Apple pulls data protection tool after UK government security row

Zoe Kleinman, Technology editor. Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data. Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption. But earlier this month th

Coinbase says Trump’s SEC has ended its enforcement case against the crypto company

Coinbase says that the SEC has agreed to end an enforcement case that accused it of illegally running an unregistered securities exchange. This could signal a major change in how the US government will enforce the crypto market now that Trump is in office. The lawsuit, which was filed during the Biden administration, has long been considered an attempt to bring the crypto industry under the same investor-protection rules that govern stocks and other securities. Coinbase had been fighting the l

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used for building websites and custom digital experiences. Not many technical details about CVE-2025-23209 are available, but exploitation isn't easy,

If COBOL is so problematic, why does the US government still use it?

Some people think tens of millions of dead people are collecting Social Security checks. That's not true. What's really going on is people don't understand its old, underlying technology. The saga of 150-year-old Social Security recipients is a tale that intertwines aging technology, government systems, and modern misunderstandings by the youthful Department of Government Efficiency (DOGE) IT people. At the heart of this story lies COBOL,

Apple Says ‘No’ to UK Backdoor Order, Will Disable E2E Cloud Encryption Instead

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law enforcement to access the cloud data of any iPhone user around the world. Apple has for many years marketed its products as being the most safe and secure personal electron