Articles tagged "Vulnerability"

Found 970 articles

A critical flaw in the widely used React code library has been identified, affecting approximately 39% of cloud environments. Developers are urgently addressing this vulnerability to protect major applications from potential exploitation.

Read Original
Critical
Yearn Finance yETH Pool Hit by $9M Exploit

Infosecurity Magazine

Actively Exploited

Yearn Finance's yETH pool experienced a significant security breach due to a critical vulnerability, resulting in the theft of approximately $9 million. This incident highlights the ongoing risks associated with decentralized finance platforms and the need for robust security measures.

Read Original

Researchers have identified a potential cybersecurity threat where attackers could create and distribute a malicious Skill that can stealthily retrieve external scripts. This poses a significant risk as it could lead to unauthorized access and exploitation of systems using such Skills.

Read Original
Actively Exploited

The article discusses the increased risk of ransomware attacks targeting enterprises during off-hours, weekends, and holidays when security teams are less available. This trend highlights the vulnerability of organizations to cyber threats during periods of reduced staffing and response capabilities, emphasizing the need for continuous security measures and preparedness.

Read Original

Chrome 143 has been released with patches addressing 13 vulnerabilities, including a critical flaw in the V8 JavaScript engine. This update is crucial for maintaining the security of users against potential exploits targeting these vulnerabilities.

Read Original
Actively Exploited

Three critical zero-day vulnerabilities in PickleScan have been identified, impacting Python and PyTorch. These flaws enable undetected attacks on AI model supply chains, posing significant risks to data integrity and security.

Read Original

The article discusses the development of the Raptor Framework, an open-source AI tool designed to generate vulnerability exploits and patches using large language models. This innovation highlights the potential for automated security measures but also raises concerns about the implications of easily accessible exploit generation capabilities. Researchers emphasize the dual-use nature of such technology in cybersecurity.

Read Original

Google has addressed 51 vulnerabilities in Android, including two high-severity flaws (CVE-2025-48633 and CVE-2025-48572) that are potentially under targeted exploitation. Both vulnerabilities impact the Android Framework, which is essential for app development, and could allow malicious applications to access sensitive information.

Read Original

The article discusses a critical vulnerability in OpenAI's Codex CLI, identified as CVE-2025-61260, which allows for command execution. This vulnerability poses a significant risk to developers, as it could be exploited to facilitate various attacks. Immediate attention is required to mitigate potential threats stemming from this issue.

Read Original

The article discusses how a noisy ransomware attack at Russian companies inadvertently revealed a long-term espionage foothold by a stealthier threat actor. This situation highlights the complexities of cybersecurity, where one breach can expose another, potentially more dangerous, vulnerability. The findings emphasize the need for organizations to remain vigilant against both overt and covert threats.

Read Original

The article discusses a significant cybersecurity breach at South Korean online retailer Coupang, affecting approximately 33.7 million users. Experts warn that similar incidents could occur in the U.S. if companies do not adequately secure their databases, highlighting the ongoing vulnerability of online retailers to cyber threats.

Read Original

A security vulnerability in old Python packages' bootstrap files could lead to domain takeover attacks, posing a risk to the integrity of the Python Package Index. This flaw highlights the potential for supply chain compromises within the Python ecosystem, necessitating immediate attention from developers and users of affected packages.

Read Original

Asahi Group Holdings has confirmed that a cyberattack in September has affected approximately 1.9 million individuals, highlighting the significant impact of the breach on personal data security. The incident raises concerns about the vulnerability of large corporations to cyber threats and the potential risks to consumer information.

Read Original
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Cato Networks has identified a new vulnerability known as HashJack, which exploits the '#' symbol in URLs to execute malicious commands in AI browsers. While Microsoft and Perplexity have addressed this flaw, Google's Gemini remains vulnerable, highlighting a significant risk for users of that platform.

Read Original

A security engineer's scan of 5.6 million public GitLab repositories revealed over 17,000 exposed secrets across more than 2,800 unique domains. This significant exposure poses a serious risk to organizations, as these secrets can potentially lead to unauthorized access and data breaches.

Read Original
PreviousPage 62 of 65Next