Security
Headlines
HeadlinesLatestCVEs

Latest News

Small Business Owners Must Prioritize Cybersecurity to Stay Operational

As a small business owner, you may think you are too insignificant to ever be on a cybercriminal’s…

HackRead
Open in Source
#vulnerability#mac#git#auth
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent weapon for

This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look

Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

Even Orgs With SSO Are Vulnerable to Identity-Based Attacks

Use SSO, don't use SSO. Have MFA, don't have MFA. An analysis of a snapshot of organizations using Push Security's platform finds that 99% of accounts susceptible to phishing attacks.

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of

CVE-2024-38139: Microsoft Dataverse Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2024-38204: Imagine Cup site Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2024-38190: Power Platform Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader, and