Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: cv Clear Filter

ReVault flaws let hackers bypass Windows login on Dell laptops

bleepingcomputer.com Unknown 2025-08-10 05:58:07

ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. Dell ControlVault is a hardware-based security solution that stores passwords, biometric data, and security codes within firmware on a dedicated daughterboard, known as the Unified Security Hub (USH). The five vulnerabilities, reported by Cisco's Talos security division and dubbed "ReVault," affect both the ControlV

Topics: cve dell firmware security windows
Read More
Shop Amazon

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released

bleepingcomputer.com Unknown 2025-08-11 00:02:22

Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. The flaws are tracked as CVE-2025-54253 and CVE-2025-54254: CVE-2025-54253: Misconfiguration allowing arbitrary code execution. Rated "Critical" with a CVSS score of 8.6. Misconfiguration allowing arbitrary code execution. Rated "Critical" with a CVSS score of 8.6. CVE

Topics: 2025 adobe code cve execution
Read More
Shop Amazon

Android gets patches for Qualcomm flaws exploited in attacks

bleepingcomputer.com Unknown 2025-08-12 12:31:32

Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks. The two security bugs, tracked as CVE-2025-21479 and CVE-2025-27038, were reported through the Google Android Security team in late January 2025. The first is a Graphics framework incorrect authorization weakness that can lead to memory corruption due to unauthorized command execution in the GPU micronode while executing a specific s

Topics: 2025 android cve google security
Read More
Shop Amazon

Ransomware gangs join attacks targeting Microsoft SharePoint servers

bleepingcomputer.com Unknown 2025-08-14 21:26:49

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. Security researchers at Palo Alto Networks' Unit 42 have discovered a 4L4MD4R ransomware variant, based on open-source Mauri870 code, while analyzing incidents involving this SharePoint exploit chain (dubbed "ToolShell"). The ransomware was detected on July 27 after discove

Topics: 2025 cve microsoft ransomware security
Read More
Shop Amazon

Benchmarks in CI: Escaping the Cloud Chaos

news.ycombinator.com Unknown 2025-08-18 15:40:05

Creating a performance gate in a CI environment, preventing significant performance regressions from being deployed has been a long-standing goal of dozens of software teams. But measuring in hosted CI runners is a particularly challenging task, mostly because of noisy neighbors leaking through virtualization layers. Still, it's worth the effort. Performance regressions are harder to catch and more expensive to fix the longer they go unnoticed. Mostly because: Catching issues in production is

Topics: cv false performance regressions runners
Read More
Shop Amazon

Classic Common Desktop Environment coming to OpenBSD

news.ycombinator.com Unknown 2025-08-19 05:42:58

Contributed by Peter N. M. Hansteen on 2025-07-30 from the classic come-on dept. CDE Much longed for by some, remembered as a quaint memory by other greybeards, the classic Common Desktop Environment ) is being added to the ports collection. The initial commit message reads, List: openbsd-ports-cvs Subject: CVS: cvs.openbsd.org: ports From: Antoine Jacoutot <ajacoutot () cvs ! openbsd ! org> Date: 2025-07-28 12:35:38 CVSROOT: /cvs Module name: ports Changes by: [email protected] 2025

Topics: cde cvs patches ports x11
Read More
Shop Amazon

Apple patches security flaw exploited in Chrome zero-day attacks

bleepingcomputer.com Unknown 2025-08-20 12:10:42

Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Tracked as CVE-2025-6558, the security bug is due to the incorrect validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine) open-source graphics abstraction layer, which processes GPU commands and translates OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL. The vulnerability enables remote attackers to execute

Topics: 2025 apple cve generation ipad
Read More
Shop Amazon

New Lenovo UEFI firmware updates fix Secure Boot bypass flaws

bleepingcomputer.com Unknown 2025-08-20 20:52:27

Lenovo is warning of high-severity BIOS flaws that could let attackers bypass Secure Boot on all-in-one desktops using customized Insyde UEFI firmware. Devices confirmed to be impacted are IdeaCentre AIO 3 24ARR9 and 27ARR9, and the Yoga AIO 27IAH10, 32ILL10, and 32IRH8. UEFI is the modern replacement for the traditional PC BIOS, acting as a firmware interface between the computer's hardware and the OS, controlling early initialization and booting. The flaws, discovered by Binarly, mirror tho

Topics: cvss handler score smi smm
Read More
Shop Amazon

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

bleepingcomputer.com Unknown 2025-08-22 20:10:42

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. Cybersecurity firm Darktrace discovered the attack during an incident response in April 2025, where an investigation revealed that the Auto-Color malware had evolved to include additional advanced evasion tactics. Darktrace reports that the attack started on April 25, but active exploitation occurred two days

Topics: 2025 auto color cve darktrace
Read More
Shop Amazon

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data

bleepingcomputer.com Unknown 2025-08-24 20:03:29

Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. TCC is a security technology and a privacy framework that blocks apps from accessing private user data by providing macOS control over how their data is accessed and used by applications across Apple devices. Apple has fixed the security flaw tracked as CVE-2025-31199 (reported by Microsoft'

Topics: apple cve data microsoft security
Read More
Shop Amazon

Exploit available for critical Cisco ISE bug exploited in attacks

bleepingcomputer.com Unknown 2025-08-25 00:29:23

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). The critical vulnerability was first disclosed on June 25, 2025, with Cisco warning that it impacts ISE and ISE-PIC versions 3.3 and 3.4, allowing unauthenticated, remote attackers to upload arbitrary files to the target system and execute them with root privileges. The issue stems fr

Topics: 2025 cisco command cve exploit
Read More
Shop Amazon

CISA flags PaperCut RCE bug as exploited in attacks, patch now

bleepingcomputer.com Unknown 2025-08-25 04:59:36

CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks. The software developer says that more than 100 million users use its products across over 70,000 organizations worldwide. The security flaw (tracked as CVE-2023-2533 and patched in June 2023) can allow an attacker to alter security settings or execute arbitrary code if the target

Topics: 2023 attacks cisa cve papercut
Read More
Shop Amazon

This industrial AI startup is winning over customers by saying it won’t get acquired

techcrunch.com Sean O'Kane 2025-08-29 04:37:47

When industrial AI startup CVector meets with manufacturers, utility providers, and other prospective customers, the founders are often asked the same question: will you still be here in six months? A year? It’s a fair concern in an environment where the biggest, richest tech companies are luring top talent with eye-watering salaries and increasingly targeting rising AI startups with elaborate acquihire deals. The answer that CVector founders Richard Zhang and Tyler Ruggles give every time is

Topics: customers cvector ruggles said zhang
Read More
Shop Amazon

Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

bleepingcomputer.com Unknown 2025-08-29 16:17:40

Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. MX-ONE is the company's SIP-based communications system, which can scale to support hundreds of thousands of users. The critical security flaw is due to an improper access control weakness discovered in the MiVoice MX-ONE Provisioning Manager component and has yet to be assigned a CVE ID. Unauthenticated attackers can exp

Topics: access cve mitel mivoice mx
Read More
Shop Amazon

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

bleepingcomputer.com Unknown 2025-08-30 13:17:39

SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. The security flaw (tracked as CVE-2025-40599) is caused by an unrestricted file upload weakness in the devices' web management interfaces, which can allow remote threat actors with administrative privileges to upload arbitrary files to the system. "SonicWall strongly recommends that users of the SMA 100 series produ

Topics: 2025 attacks cve sma sonicwall
Read More
Shop Amazon

Apache HTTP Server: 'RewriteCond expr' always evaluates to true

news.ycombinator.com Unknown 2025-08-30 06:20:52

*) SECURITY: CVE-2025-54090 : Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (cve.mitre.org) A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. Reviewed By: covener, ylavic, gbechis, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927361 13f79535-47bb-0310-9956-ffa450edef68

Topics: 64 apache cve expr org
Read More
Shop Amazon

CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true

news.ycombinator.com Unknown 2025-08-30 11:20:52

*) SECURITY: CVE-2025-54090 : Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (cve.mitre.org) A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. Reviewed By: covener, ylavic, gbechis, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927361 13f79535-47bb-0310-9956-ffa450edef68

Topics: 64 apache cve expr org
Read More
Shop Amazon

Cisco: Maximum-severity ISE RCE flaws now exploited in attacks

bleepingcomputer.com Unknown 2025-09-03 12:40:08

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. Although the vendor did not specify how they were being exploited and whether they were successful, applying the security updates as soon as possible is now critical. “In July 2025, the Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild,” reads the updated advisory. “Cisco c

Topics: 2025 cisco cve ise patch
Read More
Shop Amazon

Microsoft links Sharepoint attacks to Chinese hacking groups

bleepingcomputer.com Unknown 2025-09-03 14:26:06

Several hacking groups with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. They used this exploit chain (dubbed "ToolShell") to breach dozens of organizations worldwide after hacking into their on-premise SharePoint servers. "Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon exploiting these vulnerabilities targeting internet-facing SharePoint serv

Topics: 2025 actors cve microsoft sharepoint
Read More
Shop Amazon

Microsoft Sharepoint ToolShell attacks linked to Chinese hackers

bleepingcomputer.com Unknown 2025-09-04 05:26:06

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. They used this exploit chain (dubbed "ToolShell") to breach dozens of organizations worldwide after hacking into their on-premise SharePoint servers. "We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor. It's critical to understand that multiple actors are now actively explo

Topics: 2025 actors cve microsoft sharepoint
Read More
Shop Amazon

SharePoint vulnerability with 9.8 severity rating under exploit across globe

arstechnica.com Unknown 2025-09-05 00:30:09

Authorities and researchers are sounding the alarm over the active mass exploitation of a high-severity vulnerability in Microsoft SharePoint Server that’s allowing attackers to make off with sensitive company data, including authentication tokens used to access systems inside networks. Researchers said anyone running an on-premises instance of SharePoint should assume their networks are breached. The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 1

Topics: 2025 cve microsoft sharepoint vulnerability
Read More
Shop Amazon

Microsoft Fix Targets Attacks on SharePoint Zero-Day

krebsonsecurity.com Unknown 2025-09-05 20:45:46

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies. In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint

Topics: 2025 cve microsoft servers sharepoint
Read More
Shop Amazon

Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch

zdnet.com Lance Whitney 2025-09-05 20:05:25

sankai/Getty Microsoft has patched two critical zero-day SharePoint security flaws that have already been exploited by hackers to attack vulnerable organizations. Responding to the exploits, the software giant has issued fixes for SharePoint Server Subscription Edition and SharePoint Server 2019 but is still working on a patch for SharePoint Server 2016. Designated as CVE-2025-53771 and CVE-2025-53770, the two vulnerabilities apply only to on-premises versions of SharePoint, so organizations t

Topics: 2025 cve microsoft server sharepoint
Read More
Shop Amazon

Over 1,000 CrushFTP servers exposed to ongoing hijack attacks

bleepingcomputer.com Unknown 2025-09-06 13:34:21

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. The security vulnerability (CVE-2025-54309) is due to mishandled AS2 validation and impacts all CrushFTP versions below 10.8.5 and 11.3.4_23. The vendor tagged the flaw as actively exploited in the wild on July 19th, noting that attacks may have begun earlier, although it has yet to find evidence to confirm this. "July 18th,

Topics: 2025 attacks crushftp cve data
Read More
Shop Amazon

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

bleepingcomputer.com Unknown 2025-09-06 11:41:46

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. In May, during the Berlin Pwn2Own hacking contest, researchers exploited a zero-day vulnerability chain called "ToolShell," which enabled them to achieve remote code execution in Microsoft SharePoint. These flaws were fixed as part of the July Patch Tuesday updates; However, threat actors were

Topics: 2025 cve microsoft sharepoint update
Read More
Shop Amazon

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

bleepingcomputer.com Unknown 2025-09-06 08:40:06

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. In May, Viettel Cyber Security researchers chained two Microsoft SharePoint flaws, CVE-2025-49706 and CVE-2025-49704, in a "ToolShell" attack demonstrated at Pwn2Own Berlin to achieve remote code execution. While Microsoft patched both ToolShell flaws as part of the July Patch T

Topics: 2025 cve microsoft security sharepoint
Read More
Shop Amazon

Hackers scanning for TeleMessage Signal clone flaw exposing passwords

bleepingcomputer.com Unknown 2025-09-07 16:06:05

Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. TeleMessage SGNL is a Signal clone app now owned by Smarsh, a compliance-focused company that provides cloud-based or on-premisses communication solutions to various organizations. Scanning for vulnerable endpoints Threat monitoring firm GreyNoise has observed multiple attempts to exploit CVE-2025-48927, likely b

Topics: 2025 48927 boot cve endpoints
Read More
Shop Amazon

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin

bleepingcomputer.com Unknown 2025-09-09 00:36:42

VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. Three of the patched flaws have a severity rating of 9.3, as they allow programs running in a guest virtual machine to execute commands on the host. These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238. These flaws are described in the security advisory as: CVE-2025-41236 : VMware ESXi, Workstatio

Topics: 2025 cve pwn2own virtual vmware
Read More
Shop Amazon

Max severity Cisco ISE bug allows pre-auth command execution, patch now

bleepingcomputer.com Unknown 2025-09-10 00:53:26

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. The security issue received the maximum severity rating, 10 out of 10, and is caused by insufficient user-supplied input validation checks. It was discovered by Kentaro Kawane, a researcher at the Japanese cybersecurity service GMO Cybersecurity by Ierae, and report

Topics: 2025 cisco cve ise vulnerabilities
Read More
Shop Amazon

Google fixes actively exploited sandbox escape zero day in Chrome

bleepingcomputer.com Unknown 2025-09-13 03:47:46

Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection. The vulnerability is identified as CVE-2025-6558 and received a high-severity rating of 8.8. It was discovered by researchers at Google’s Threat Analysis Group (TAG) on June 23. The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 1

Topics: 2025 browser chrome cve google
Read More
Shop Amazon
Trending Topics
Hot Now
ai 2163 apple 1566 new 1312 content 1094 google 1015
Popular
like 906 company 809 zdnet 760 amazon 729 app 723 said 659 does 623 data 622 reviews 613 editorial 596
Emerging
samsung 569 pro 543 day 541 game 517 phone 508 android 484 just 476 prime 449 galaxy 445 iphone 430
About GoKawiil

GoKawiil is a project by nerdhub.co that curates technology news from trusted sources. We built this site to provide a cleaner, more mobile-friendly experience without intrusive ads or heavy JavaScript.

Privacy

Your privacy matters. GoKawiil doesn't use Google Analytics or Facebook Pixel. The only tracking occurs through affiliate links to Amazon.

Advertising

Interested in advertising? Contact us at [email protected]