iPhone Hack Allegedly Used to Spy on China’s Uyghurs
Posted on Friday May 07, 2021

U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.

Qualcomm Chip Bug Opens Android Fans to Eavesdropping
Posted on Thursday May 06, 2021

A malicious app can exploit the issue, which could affect up to 30 percent of Android phones.

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
Posted on Thursday May 06, 2021

The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom.

Anti-Spam WordPress Plugin Could Expose Website User Data
Posted on Wednesday May 05, 2021

'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites -- and could offer up sensitive info to attackers that aren't even logged in.

Raft of Exim Security Holes Allow Linux Mail Server Takeovers
Posted on Wednesday May 05, 2021

Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware.

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
Posted on Tuesday May 04, 2021

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.

Apple Fixes Zero‑Day Security Bugs Under Active Attack
Posted on Tuesday May 04, 2021

On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
Posted on Tuesday May 04, 2021

The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.

New Attacks Slaughter All Spectre Defenses 
Posted on Monday May 03, 2021

The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It's bound for the dustbin.

Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
Posted on Monday May 03, 2021

Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to remote authentication-bypass attacks.