Security
Headlines
HeadlinesLatestCVEs

Latest News

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new

The Hacker News
Open in Source
#vulnerability#microsoft#The Hacker News
6 Strategic Innovations Transforming the Fintech Industry

Technology is changing the global economy, and fintech companies are at the backbone of this transformation. To keep…

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report

GitHub’s Deepfake Porn Crackdown Still Isn’t Working

Over a dozen programs used by creators of nonconsensual explicit images have evaded detection on the developer platform, WIRED has found.

Trusted Apps Sneak a Bug Into the UEFI Boot Process

Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More

US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI—and takes a swipe at Microsoft’s dominance.

PlugX malware deleted from thousands of systems by FBI

The FBI has announced it's deleted PlugX malware from approximately 4,258 US-based computers and networks.

Scammers Exploit California Wildfires, Posing as Fire Relief Services

Cybercriminals are exploiting the California wildfires by launching phishing scams. Learn how hackers are targeting victims with fake domains and deceptive tactics, and how to protect yourself from these cyber threats.

CVE-2025-0434: Chromium: CVE-2025-0434 Out of bounds memory access in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**