Security
Headlines
HeadlinesLatestCVEs

Latest News

U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or other any organization, when not in

The Hacker News
Open in Source
#git#intel#The Hacker News
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation

Top VPN Features to Consider When Choosing the Right Streaming Service

Find the best VPN for streaming with essential features like high-speed servers, strong encryption, streaming optimization, and broad…

Sophos-SecureWorks Deal Focuses on Building Advanced MDR, XDR Platform

Sophos CEO Joe Levy says the $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform — with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities — at the core.

Windows 'Downdate' Attack Reverts Patched PCs to a Vulnerable State

Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass.

China's Elite Cyber Corps Hone Skills on Virtual Battlefields

The nation leads in the number of capture-the-flag tournaments sponsored by government and industry — a strategy from which Western nations could learn.

GHSA-25pw-q952-x37g: Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. ## Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.

Delta Launches $500M Lawsuit Against CrowdStrike

Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn't liable for more than $10 million.

Russia Kneecaps Ukraine Army Recruitment With Spoofed 'Civil Defense' App

Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia.

Apple Launches ‘Apple Intelligence’ and Offers $1M Bug Bounty for Security

Apple unveils ‘Apple Intelligence’ for iPhone, iPad, and Mac devices while offering a $1 million bug bounty for…