Hotel Check-in Kiosks Expose Guest Data, Room Keys

June 7, 2024 at 12:59PM

A software vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364, CVSS 3.0 score 6.8) allows attackers to access hotel guests’ personal data stored in check-in terminals. The exploit bypasses kiosk mode, enabling access to reservations, invoices, PII, and the ability to create room keys. The manufacturer has released a fix, emphasizing …

Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn’t need a fix, just better documentation

June 5, 2024 at 02:48AM

A vulnerability in Microsoft’s Azure cloud allows potential access to other users’ private web resources. The issue stems from Service Tags, potentially allowing cross-tenant attacks. Despite Microsoft’s initial refusal to classify it as a vulnerability, it confirmed the flaw and offered a bug bounty. Subsequently, Microsoft decided to address the …

RCE exploit for Wyze Cam v3 publicly released, patch now

October 30, 2023 at 05:56PM

A security researcher has published a proof-of-concept exploit for Wyze Cam v3 devices, allowing attackers to take control of vulnerable cameras. The exploit takes advantage of two flaws in the firmware, enabling remote code execution and the ability to overwrite stack memory. Wyze has released a firmware update to address …