Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Apple Is Coming for Your Password Manager

Plus: A media executive is charged in an alleged money-laundering scheme, a ransomware attack disrupts care at London hospitals, and Google’s former CEO has a secretive drone project up his sleeve.

Wired
Open in Source
#android#mac#windows#apple#google#wifi
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to DEVCORE security researcher, the shortcoming makes

New Phishing Campaign Uses Stealthy JPGs to Drop Agent Tesla

Spanish speakers beware! A new campaign using the Agent Tesla RAT targets Spanish-speaking individuals. Learn how to protect…

GHSA-7q33-hxwj-7p8v: TYPO3 Cross-Site Scripting in Backend Modal Component

Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.

Microsoft Will Switch Off Recall by Default After Security Backlash

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities

Cybersecurity researchers have disclosed that the LightSpy spyware allegedly targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant. The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS,

Hotel Kiosks Vulnerability Exposed Guest Data, Room Access

A security vulnerability in Ariane Allegro Hotel Check-In Kiosks exposed guest data and potentially compromised room access. However,…

Microsoft’s Recall Feature Is Even More Hackable Than You Thought

A new discovery that the AI-enabled feature’s historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.”

GHSA-hrw6-wg82-cm62: Jupyter server on Windows discloses Windows user password hash

### Summary Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines.

Trojan.Win32.DarkGateLoader MVID-2024-0685 Code Execution

Multiple variants of Trojan.Win32.DarkGateLoader malware suffer from a code execution vulnerability.