Vulnerability

Researchers Discover Privacy Flaw in Windows 11 Snipping Tool That Could Leak Sensitive Data in Screenshots

Security researchers have found a new vulnerability in the Snipping Tool app available in Windows 11. The security flaw dubbed aCropalypse could allow threat actors to reveal sensitive information blurred or cropped out in screenshots. Snipping Tool is a built-in screenshot-capturing tool that comes with the Windows operating system. In Windows 11, Microsoft introduced a…

Microsoft Releases Updates to Patch Critical Outlook NTLM Vulnerability

Microsoft has released patches to address a critical security flaw in Outlook for Windows. The company confirmed that a Russian hacking group exploited the NTLM vulnerability to target several European and military organizations in 2022. The zero-day flaw (CVE-2023-23397) was first reported by Ukraine’s Computer Emergency Response Team (CERT-UA). It’s a privilege escalation vulnerability…

Git Releases New Security Updates to Block Remote Code Execution Attacks

Git has recently released new updates to address two critical security vulnerabilities that could allow hackers to launch remote code execution attacks. The company has also patched another Windows-specific flaw affecting the Git GUI tool. Security researchers from X41 and the GitLab Security Research Team first identified the security vulnerabilities as part of an audit…

Security Researchers Discover Critical Linux Kernel Flaw Affecting SMB Servers

The security research firm Zero Day Initiative (ZDI) has disclosed a critical vulnerability in the Linux kernel server. The new security exploit, which has a CVSS score of 10, could allow attackers to remotely execute code on vulnerable SMB servers. The Thalium Team vulnerability research team originally discovered the Linux kernel security flaw back in…

Researchers Warn About New Shikitega Malware Targeting Linux Endpoints and IoT Devices

Security researchers have unveiled a new malware that is infecting Linux endpoints and Internet-of-things (IoT) devices. The malware allows attackers to gain persistent access to the compromised system and deploy crypto-mining software. The stealthy malware dubbed “Shikitega” was first discovered by cybersecurity researchers at AT&T Alien Labs. The malware is delivered in a multi-stage infection…

Slack Releases Fix for Critical Bug That Exposed Hashed Passwords for Years

Slack has confirmed that a security vulnerability accidentally exposed the hashed passwords of around 0.5 percent of its customers. The company patched the bug last month and notified impacted users that it had reset their passwords. The vulnerability was first discovered by a security researcher and it was reported to Slack on July 17, 2022….

VMware Releases Updates to Address Critical Authentication Bypass Flaw

VMware has released new security updates to address a critical authentication bypass vulnerability present in multiple products. The company warned that the bug could enable threat actors to gain administrative privileges on target systems. Tracked as CVE-2022-31656, the flaw was discovered by the security researcher Petrus Viet. VMware assigned the authentication bypass vulnerability a…

Microsoft Patches Five Critical Security Flaws in Azure Defender for IoT

Last Update: Jul 25, 2022

Security researchers have uncovered five critical vulnerabilities in Microsoft Azure Defender for IoT. The Redmond giant has already released new security patches to address these exploits, and it recommends that all enterprise customers install them as soon as possible. According to a report from SentinelOne's SentinelLabs, these security vulnerabilities were first discovered by researchers Kasif…

Atlassian Releases Patches to Fix Critical Confluence Flaw

Atlassian has disclosed a new critical flaw in its Confluence Server and Data Center products. The company explained in its security advisory that the vulnerability (CVE-2022-26138) lets unauthorized users use hardcoded credentials to get full access to Confluence. According to Atlassian, the flaw exists in its Questions for Confluence app. It is designed to help…

DHS Review Board Warns Log4j Flaw to Affect Vulnerable Systems Until At Least 2032

The US Department of Homeland Security has issued a security advisory about the risks associated with Log4j vulnerabilities. The DHS’ Cyber Safety Review Board (CSRB) warned that the security flaw is expected to affect federal agencies and organizations until at least 2032. For those unfamiliar, Apache Log4j is a popular open-source Java-based logging framework. It…
