
Tag

#oracle

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable

The Hacker News
#vulnerability #oracle #The Hacker News
PARSIQ’s Reactive Network Provides Solution for DeFi Exchange Vulnerabilities

Over the past few years, decentralised finance (DeFi) has revolutionised the financial sector. DeFi introduced transparent, permissionless and…

How to Get Around the US TikTok Ban

TikTok is now unavailable in the United States—and getting around the ban isn’t as simple as using a VPN. Here’s what you need to know.

Malicious Kong Ingress Controller Image Found on DockerHub

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account…

How the US TikTok Ban Would Actually Work

The fate of TikTok now rests in the hands of the US Supreme Court. If a law banning the social video app this month is upheld, it won’t disappear from your phone—but it will get messy fast.

CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker

GHSA-gmx7-gr5q-85w5: magic-crypt uses insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. `MagicCrypt64` uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force and padding oracle attacks and does not protect the integrity of the encrypted data. Key and IV are generated from user input using CRC64, which is not at all a key derivation function. `MagicCrypt64`, `MagicCrypt128`, `MagicCrypt192`, and `MagicCrypt256` are all vulnerable to padding-oracle attacks. None of them protect the integrity of the ciphertext. Furthermore, none use password-based key derivation functions, even though the key is intended to be generated from a password. Each of the implementations is unsound in that it uses uninitialized memory without `MaybeUninit` or equivalent structures. For more information, visit the [issue](https://github.com/magiclen/rust-magiccrypt/issu...

FICORA, CAPSAICIN Botnets Exploit Old D-Link Router Flaws for DDoS Attacks

Mirai and Keksec botnet variants are exploiting critical vulnerabilities in D-Link routers. Learn about the impact, affected devices, and how to protect yourself from these attacks.

Why Ethereum Will Be a Key Platform for Businesses in the Future

Explore how Ethereum revolutionizes industries with smart contracts, DeFi, NFTs, gaming, DAOs, and sustainability, shaping the future of…

Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities

Androxgh0st, a botnet targeting web servers since January 2024, is also deploying IoT-focused Mozi payloads, reveals CloudSEK’s latest research.