#SecurityWarnings

Microsoft hits snooze again on security certificate renewal

June 28, 2024 by Xynik

June 28, 2024 at 09:35AM Microsoft’s TLS certificate expiration has caused unwanted security warnings for users accessing cdn.uci.officeapps.live.com, prompting concerns from cybersecurity software. The expired TLS certificate poses risks of data insecurity and potential service outages for Microsoft 365 and Office Online users, including errors and warnings for administrators and customers. Microsoft suggests monitoring and … Read more

Polyfill claims it has been ‘defamed’, returns after domain shut down

June 27, 2024 by Xynik

June 27, 2024 at 06:57AM The Polyfill.io JavaScript CDN service was shut down due to researchers discovering malicious code being delivered to over 100,000 websites. The service has since been relaunched on a new domain, polyfill.com, claiming to have no supply chain risks. However, doubts remain due to security practitioners’ findings and concerns raised by … Read more

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

May 20, 2024 by Xynik

May 20, 2024 at 09:00AM Multiple threat actors are leveraging a design flaw in Foxit PDF Reader to deliver various malware, exploiting a security warning deception to execute harmful commands. Adobe Acrobat Reader is not susceptible to the exploit, contributing to its low detection rate. The malware-laced PDFs are being distributed via unconventional methods like … Read more

Telegram fixes Windows app zero-day caused by file extension typo

April 12, 2024 by Xynik

April 12, 2024 at 02:47PM The Telegram Windows desktop app had a zero-day vulnerability allowing the automatic launch of Python scripts. Telegram disputed these claims, but a proof of concept exploit was shared on a hacking forum. Telegram fixed this issue with a server-side fix. Telegram’s Desktop client has also been modified to prevent such … Read more