Aggregator

История набора Coruna, который помогал годами следить за пользователями Apple.

Как сейчас работает азиатский рынок телефонного мошенничества.

Currently trending CVE - Hype Score: 9 - VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without ...

Currently trending CVE - Hype Score: 9 - An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Currently trending CVE - Hype Score: 8 - A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a ...

Currently trending CVE - Hype Score: 13 - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have ...

Currently trending CVE - Hype Score: 13 - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a ...

Currently trending CVE - Hype Score: 9 - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to ...

Currently trending CVE - Hype Score: 9 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 12 - Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 9 - SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which ...

Currently trending CVE - Hype Score: 11 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have ...

Суд в США вынесет приговор участнику масштабной схемы романтических обманов.

Вместо эксплойтов и взлома платформ злоумышленники используют штатные функции мессенджеров против владельцев учетных записей.

Личные убеждения инженера оказались сильнее интересов американской армии.

Associate Director Application Security BioNTech | Germany | On-site – View job details As an Associate Director Application Security, you will lead application security strategy, standardize security processes, and drive vulnerability management across development environments. You will enable secure-by-design practices through technical solutions and advisory support, oversee secure onboarding of open-source software, and define KPIs to measure security effectiveness. CISO AIG | Israel | On-site – View job details As a CISO, you will enterprise-wide … More →

The post Cybersecurity jobs available right now: March 10, 2026 appeared first on Help Net Security.

A dangerous malware campaign targeting software developers has surfaced, with a rogue npm package posing as a trusted developer tool to silently drain credentials, crypto wallets, SSH keys, browser sessions, and even iMessage conversations. The package, published under the name @openclaw-ai/openclawai, disguises itself as a legitimate command-line installer called “OpenClaw Installer” while deploying a deeply hidden […]

The post GhostClaw Mimic as OpenClaw to Steal Everything from Developers appeared first on Cyber Security News.