A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.
The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations, making this upgrade a necessity for WordPress site owners.
Google's global outage from yesterday was due to a bug that restricted storage space to the Identity Management System and caused the system to fail.
Ireland's Data Protection Commission fined Twitter €450,000 (~$550,000) for failing to notify the DPC of a breach within the 72-hour timeframe imposed by the European Union's General Data Protection Regulation (GDPR) and to adequately document it.
This week, Mattermost, in coordination with Golang, has disclosed 3 critical vulnerabilities within the Go language's XML parser. If exploited, these vulnerabilities, which also impact multiple Go-based SAML implementations, can lead to a complete bypass of SAML authentication, which powers prominent web applications today.
Mozilla has shared info on how to fix a known issue leading to errors on multiple video streaming platforms including Netflix, Hulu, Disney+, and Amazon's Prime Video on the Mac version of Firefox 84.
Microsoft Azure CTO Mark Russinovich utilized a monster 420 logical processor virtual machine to play Tetris using the CPU core list in Windows Task Manager.
An artist has claimed responsibility for the mysterious monoliths that have been appearing across the world, including Utah, California, and Romania. The pseudonymous artist has these monumental structures for sale on their website for $45,000.
The United States and Australia have signed a first-ever bilateral agreement that allows the U.S. Cyber Command (USCYBERCOM) and the Information Warfare Division (IWD) of the Australian Defense Force to jointly develop and share a virtual cyber training platform.
Threat actors are exploiting the legitimate SendGrid mailing service to send HMRC phishing emails that bypass spam filters.
A hacker has now leaked the credentials of almost 50,000 Fortinet SSL VPNs vulnerable to CVE-2018-13379. Exploits for these VPNs had been posted over the weekend on hacker forums, as reported by BleepingComputer.
Thousands of domains, including those belonging to high street banks and government organizations, are vulnerable to a critical Path Traversal flaw in Fortinet SSL VPN.
Micropayments platform Coil, used by content creators and popular blogs, accidentally exposed the email addresses of some users in a mass email announcement.
Japanese e-commerce giant Rakuten had sent email notifications yesterday to many of its customers congratulating them on newly earned cashback. Today, they took their words (and the cash) back.
Samsung has rolled out November 2020 Android updates today on their Galaxy devices. These patch serious vulnerabilities along with enhancing the overall device functionality.
A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs. When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.
Twitter is experiencing a worldwide service disruption preventing users both from sending tweets using Tweetdeck, the social network's apps, and website, and from seeing their notifications.
Amazon Prime Day kicks off tomorrow, October 13th, at midnight PST, but it's possible to grab some early deals on Alexa and Ring devices, as well as other electronics.
Walmart-owned Sam's Club has been emailing customers that may have been victims of credential stuffing and phishing attacks.