phpBB forum fixes auth bypass bug lurking for a decade
…phpBB is a PHP-based free and open-source web forum platform that enjoyed peak popularity in the 2000s and early 2010s. Today, it is still powering thousands of forums worldwide. Aikido…
Search
Top stories
Google Chrome adds session cookie theft protection for all users
…DBSC works by cryptographically linking user sessions to the hardware, such as their computer's security chip (e.g., the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS…
Trend Micro warns of Apex One zero-day exploited in the wild
…Apex One is Trend Micro's enterprise-grade endpoint security platform that protects corporate networks from a wide range of security threats, including malware, ransomware, fileless attacks, and web-based threats. Tracked…
Microsoft Defender can now automatically isolate hacked endpoints
…More recently, Microsoft began testing another new feature for the Defender for Endpoint enterprise endpoint security platform that automatically blocks traffic to and from undiscovered Windows endpoints, preventing attackers from breaching other…
Google fixes one actively exploited Android zero-day, 124 flaws
…Why Faster Vulnerability Alerts Matter Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit Actively Exploited Android Google Patch Security Update Vulnerability Zero-Day Sergiu Gatlan Sergiu is a news reporter who has…
CISA flags two-year-old Oracle flaw as actively exploited in attacks
…Microsoft warns of new Defender zero-days exploited in attacks CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks CISA gives feds 4 days to patch actively exploited…
California AG sues 23andMe over 2023 breach exposing health data
…Soon, it became clear that the attackers had exfiltrated data from users opting into the platform's 'DNA Relatives' feature, and then accessed a second, much larger set of accounts that didn…
NVIDIA confirms GeForce NOW data breach affecting Armenian users
…Alliance partner environments can operate independent authentication systems, local customer databases, regional billing platforms, and locally managed infrastructure. A statement posted by GFN.am confirms a cybersecurity incident that took place between…
Max-severity flaw in ChromaDB for AI apps allows server hijacking
…New Langflow flaw actively exploited to hijack AI workflows New critical Exim mailer flaw allows remote code execution AI Artificial Intelligence ChromaDB Python RCE Remote Code Execution Vulnerability Zero-Day Bill Toulas…
Critical vm2 sandbox bug lets attackers execute code on hosts
…It is commonly employed by online coding platforms, automation tools, and SaaS apps that execute user-supplied scripts. The library attempts to isolate sandboxed code from the host system and block access…