Experimental News Clipping Site

Tag: critical vulnerability

  • Rekt: Not So Safe

    by

    Kurt Seifried
    in

    Source URL: https://www.rekt.news/not-so-safe Source: Rekt Title: Not So Safe Feedly Summary: North Korea’s Lazarus Group stole $1.4B from Bybit’s signers by exploiting a simple vulnerability in Safe’s system. A single yaml.load execution bypassed high-end security, turning a supposedly impenetrable system into one of the industry’s biggest disasters. AI Summary and Description: Yes Summary: The text…

  • Hacker News: The Insecurity of Telecom Stacks in the Wake of Salt Typhoon

    by

    Kurt Seifried
    in

    Source URL: https://soatok.blog/2025/03/12/on-the-insecurity-of-telecom-stacks-in-the-wake-of-salt-typhoon/ Source: Hacker News Title: The Insecurity of Telecom Stacks in the Wake of Salt Typhoon Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a security vulnerability discovered in FreeSWITCH, an open-source telecom software, which could allow for remote code execution due to improper handling of HTTP requests. The…

  • The Register: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/28/cisa_kev_list_ransomware/ Source: The Register Title: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature Feedly Summary: 1 in 3 entries are used to extort civilians, says new paper Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware…

  • Slashdot: Apple’s Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device

    by

    Kurt Seifried
    in

    Source URL: https://yro.slashdot.org/story/25/02/28/013227/apples-find-my-network-exploit-lets-hackers-silently-track-any-bluetooth-device?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Apple’s Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device Feedly Summary: AI Summary and Description: Yes Summary: Researchers have uncovered a critical vulnerability in Apple’s Find My network that allows attackers to secretly track Bluetooth devices, mimicking AirTag’s functionality. This exploit, termed “nRootTag,” boasts a 90%…

  • The Register: Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/26/qualcomm_android_support/ Source: The Register Title: Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) Feedly Summary: Starting with Snapdragon 8 Elite and ‘droid 15 It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said…

  • Simon Willison’s Weblog: Quoting Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Feb/25/emergent-misalignment/ Source: Simon Willison’s Weblog Title: Quoting Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs Feedly Summary: In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts…

  • Slashdot: Palo Alto Firewalls Under Attack As Miscreants Chain Flaws For Root Access

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/02/19/2059256/palo-alto-firewalls-under-attack-as-miscreants-chain-flaws-for-root-access?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Palo Alto Firewalls Under Attack As Miscreants Chain Flaws For Root Access Feedly Summary: AI Summary and Description: Yes Summary: The text provides critical information regarding recent vulnerabilities discovered in Palo Alto Networks’ PAN-OS software, highlighting the urgency for users to apply patches to prevent exploitation. These vulnerabilities could…

  • The Register: SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/14/sonicwall_firewalls_under_attack_patch/ Source: The Register Title: SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Feedly Summary: Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of…

  • Schneier on Security: Delivering Malware Through Abandoned Amazon S3 Buckets

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html Source: Schneier on Security Title: Delivering Malware Through Abandoned Amazon S3 Buckets Feedly Summary: Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize…