A security incident at online marketplace Reverb has exposed the personal data of users. Reverb, which connects buyers and sellers of secondhand musical instruments, urged users to reset...
Embedthis has patched a null byte injection vulnerability in GoAhead, the embedded web server deployed in hundreds of millions of devices. “A specially crafted URL with a %00 character embedded...
An XML External Entity (XXE) injection bug in WordPress could allow attackers to remotely steal a victim’s files, researchers have revealed. Security researchers at SonarSource who discovered the...
Kaspersky recently conducted a study based on anonymized OS metadata provided by consenting Kaspersky Security Network users. The survey found that almost one quarter (22%) of PC...
Microsoft Edge will automatically redirect users to a secure HTTPS connection when visiting websites using the HTTP protocol, starting with version 92, coming in late July. By...
A worldwide Microsoft Teams outage is blocking users from logging into their accounts, and preventing those already logged in from sending and receiving messages. Microsoft is...
The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber actors—also known...
Passwords stored in enterprise password manager Passwordstate may have been “harvested” by attackers who planted a malicious software update file, the application’s developer, Click Studios, has...
The information security community has lost another leading light, after it was announced that prominent security researcher and DNS specialist Dan Kaminsky has died. The news was confirmed by Kaminsky’s...
Microsoft today announced that multiple .NET Framework versions signed using the legacy and insecure Secure Hash Algorithm 1 (SHA-1) will reach end of support next year. The .NET Framework is...