Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Veeam Urges Updates After Discovering Critical Vulnerability

The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.

DARKReading
Open in Source
#vulnerability#mac#rce#auth
Pegasus Spyware Infections Proliferate Across iOS, Android Devices

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.

Are We on the Brink of Saying Goodbye to Passwords?

Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and…

GHSA-wwq9-3cpr-mm53: Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered distinct. This was patched in 0.15.1.

GHSA-jcxm-7wvp-g6p5: Modified package published to npm, containing malware that exfiltrates private key material

Earlier today, a publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. We are asking all Solana app developers to upgrade to version 1.95.8. Developers pinned to `latest` should also upgrade to 1.95.8. Developers that suspect t...

Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

In a letter to the Department of Defense, senators Ron Wyden and Eric Schmitt are calling for an investigation into fallout from the Salt Typhoon espionage campaign.

Crypto’s rising value likely to bring new wave of scams

The value of cryptocurrencies is going through the roof, so the scammers are even more interested in your funds

She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin

Western authorities say they’ve identified a network that found a new way to clean drug gangs’ dirty cash. WIRED gained exclusive access to the investigation.

Crypto and Cybersecurity: How to Keep Your Cryptocurrency Safe in 2025

Secure your cryptocurrency with key cybersecurity strategies. Safeguard your digital assets from hacks, scams, and vulnerabilities using hardware…

Navigating the Changing Landscape of Cybersecurity Regulations

The evolving regulatory environment presents both challenges and opportunities for businesses.