Vulnerabilities & Exploits
Zero-days, CVEs, and exploit chains
176 articles
Meta settles bellwether lawsuit alleging addictive design harmed student mental health
Meta's confidential settlement with a Washington school district marks a pivotal moment in the massive litigation against social media's psychological
Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network
A sophisticated zero-day attack on Huawei routers allegedly caused Luxembourg's 2023 national telecom outage, raising severe global security concerns.
MiniPlasma Windows 0-day enables SYSTEM privilege escalation on fully patched systems
A newly disclosed 0-day flaw, MiniPlasma, allows attackers to gain full SYSTEM control on patched Windows systems, with a public PoC accelerating risk
The ransomware dilemma: why more than half of security chiefs would pay the price
A new survey reveals 56% of CISOs would consider paying a ransom, highlighting the intense pressure to restore operations despite official guidance.
Windows zero-days expose BitLocker bypasses and CTFMON privilege escalation
A security researcher has disclosed two Windows zero-days: 'YellowKey,' a BitLocker bypass, and 'GreenPlasma,' a privilege escalation in CTFMON.
Cloudflare's strategic layoffs: Parsing the reality behind the AI-powered growth narrative
Cloudflare's early 2024 layoffs, despite strong profits, signal a strategic pivot to AI, impacting employees and setting a new industry precedent.
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
A severe command injection flaw, CVE-2024-3400, in Palo Alto Networks firewalls is under active attack by a nation-state actor, allowing full device t
Latvian national sentenced to 14 years for role in Conti and TrickBot ransomware attacks
A Latvian national has been sentenced to 14 years in prison for his role as an initial access broker for the notorious Conti and TrickBot ransomware g
Anatomy of a radio hack: How a student triggered brake alerts on Taiwan's high-speed rail
A 23-year-old student used a software-defined radio to spoof emergency signals on Taiwan's rail network, sparking a major security response.
‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
A critical, actively exploited Linux kernel flaw (CVE-2024-1086) allows root access, but the disclosure was marred by controversial AI-generated text.
Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw
A critical flaw, CVE-2024-5219, in the Linux kernel since 2017 allows local attackers to gain root access. Admins are urged to patch immediately.
A critical flaw in 911 systems could allow attackers to disrupt emergency services
A critical 9.8 CVSS vulnerability (CVE-2024-6074) in Intrado 911 gateways allows attackers to disrupt emergency services. Learn how to patch it.
Former ransomware negotiator pleads guilty in BlackCat conspiracy, exposing a critical insider threat
A former ransomware negotiator has pleaded guilty to conspiring with the BlackCat group, using his insider knowledge to help them attack U.S. companie
Former ransomware negotiator pleads guilty to working for BlackCat cyber gang
A trusted ransomware negotiator's guilty plea for colluding with the BlackCat gang reveals a shocking insider threat, eroding trust in the cyber respo
Lotus Wiper: A deep dive into the malware targeting Venezuela's energy sector
A new wiper malware, Lotus Wiper, was found targeting Venezuela's energy sector. Our analysis covers its destructive methods and geopolitical implicat
UK regulator launches investigation into Telegram over child safety failures
The UK's communications regulator, Ofcom, has launched a formal investigation into Telegram over its failure to prevent the sharing of CSAM.
UK regulator to probe Telegram, teen chat sites for potential child safety violations
Ofcom launches its first major investigation under the new Online Safety Act, targeting Telegram over allegations of CSAM distribution, setting a majo
When code kills: Lawmakers weigh terrorism and homicide charges for hospital ransomware attacks
In the wake of devastating attacks on the healthcare sector, U.S. lawmakers are exploring unprecedented legal actions, including terrorism and homicid
ZionSiphon malware targets water infrastructure systems with sabotage capabilities
A deep dive into ZionSiphon, a new malware targeting water systems with sabotage capabilities, and how utilities can defend against this critical thre
NIST scales back vulnerability data enrichment after 263% surge in submissions
NIST is limiting detailed analysis in its National Vulnerability Database (NVD) due to a massive increase in submissions, impacting security teams.
Three Microsoft Defender zero-days actively exploited; two still unpatched
Security firm Huntress warns of active exploitation of three Microsoft Defender zero-days, codenamed BlueHammer, RedSun, and UnDefend. Two remain unpa
London healthcare faces months of disruption after ransomware attack on key supplier
A major ransomware attack on pathology provider Synnovis has caused severe, ongoing disruption to London hospitals, highlighting critical supply chain
Most 'AI SOCs' are just faster triage, and that's not enough
Many AI security tools only speed up alert analysis, failing to reduce analyst workload. Experts argue real gains require AI that automates response a
ZionSiphon malware designed to sabotage water treatment systems
A new proof-of-concept malware, ZionSiphon, demonstrates how attackers can sabotage water treatment plants by manipulating industrial control systems.