vulnerability

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers. Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected […]

Facebook awards researcher $100,000 for finding bug that granted internal access

In October 2024, security researcher Ben Sadeghipour was analyzing Facebook’s ad platform when he found a security vulnerability that allowed him to run commands on the internal Facebook server housing that platform, essentially giving him control of the server. After he reported the vulnerability to Facebook’s owner Meta, which Sadeghipour said took just one hour

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks

U.S. software giant Ivanti has warned that a zero-day vulnerability in its widely-used enterprise VPN appliance has been exploited to compromise the networks of its corporate customers. Ivanti said on Wednesday that the critical-rated vulnerability, tracked as CVE-2025-0282, can be exploited without any authentication to remotely plant malicious code on Ivanti’s Connect Secure, Policy Secure,

Researchers find security flaws in Skoda cars that may let hackers remotely track them

Security researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the cars’ location in real time. PCAutomotive, a cybersecurity firm specializing in the automotive sector, unveiled 12 new security vulnerabilities impacting the latest model of the Skoda Superb

Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach

Byte Federal, one of the largest Bitcoin ATM operators in the U.S., said the personal data of thousands of customers may have been compromised during a recent breach. In a filing with Maine’s attorney general, Florida-based Byte Federal said hackers tried to access the data of 58,000 customers, including names, addresses, phone numbers, government-issued IDs,

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again

Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks. The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress. The flaw was first disclosed by Cleo in a security advisory on

Russia-linked hackers exploited Firefox and Windows zero-day bugs in ‘widespread’ hacking campaign

Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The

Palo Alto Networks warns hackers are breaking into its customers’ firewalls — again

Malicious hackers have compromised potentially thousands of organizations by exploiting two new zero-day vulnerabilities found in widely used software made by cybersecurity giant Palo Alto Networks. Security researchers at Palo Alto Networks said Wednesday that they have observed a “limited set of exploitation activity” related to the two vulnerabilities in PAN-OS, the operating system that

CISA issues warning about another Ivanti flaw under active attack

Hackers are exploiting yet another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a fresh alert this week. The remote code execution flaw in Ivanti Endpoint Manager (EPM), a tool that helps organizations manage and secure their fleets of employee devices, was first disclosed by Trend

Zero-day flaw in Check Point VPNs is ‘extremely easy’ to exploit

Cybersecurity company Check Point says attackers are exploiting a zero-day vulnerability in its enterprise VPN products to break into the corporate networks of its customers. The technology maker hasn’t said yet who is responsible for the cyberattacks or how many of its customers are affected by intrusions linked to the vulnerability, which security researchers say