Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery 

December 5, 2023 at 09:24AM Two years after discovery, details of 10 unpatched vulnerabilities in Loytec building automation products were made public. Key takeaways: 1. Ten unpatched vulnerabilities have been found in Loytec building automation products. 2. The details of these vulnerabilities have been publicly disclosed. 3. The disclosure occurred …

Google Patches Another Chrome Zero-Day as Browser Attacks Mount

November 29, 2023 at 03:28PM Google has revealed another actively exploited Chrome zero-day vulnerability (CVE-2023-6345), caused by an integer overflow in the Skia graphics library. It’s the seventh zero-day patched this year amid numerous critical browser flaws disclosed by major tech companies. Growing browser usage and Chromium’s shared code base have heightened interest among attackers, leading to increased …

Unpatched Critical Vulnerabilities Open AI Models to Takeover

November 28, 2023 at 03:53AM Researchers have discovered multiple critical vulnerabilities in the infrastructure used by AI models, exposing companies to risk as they adopt AI technology. The affected platforms include Ray, MLflow, ModelDB, and H2O version 3. The vulnerabilities could allow attackers unauthorized access to AI models and the network. Companies must prioritize security …

OpenCart owner turns air blue after researcher discloses serious vuln

November 24, 2023 at 10:40AM The owner of OpenCart, an e-commerce store management system, has responded with hostility to a security researcher who disclosed a vulnerability in the product. The researcher, Mattia Brollo, tried to contact OpenCart for nearly a month through various channels before receiving dismissive and offensive responses from the owner, Daniel Kerr. OpenCart …

Microsoft’s bug bounty turns 10. Are these kinds of rewards making code more secure?

November 22, 2023 at 06:02AM Microsoft’s bug bounty program, which pays rewards to security researchers who discover vulnerabilities, has awarded a total of $63 million over the past decade. The program has grown rapidly since 2018, with Microsoft doubling the number of bounty reports, program participants, and awards. Despite this, bug bounty platforms …

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago

November 21, 2023 at 07:03AM Microsoft has paid out $63 million in rewards to security researchers participating in its bug bounty programs. The company now runs 17 bug bounty programs, with rewards reaching up to $250,000 for high-impact bugs. Thousands of researchers from 70 countries are involved, including students, academics, and cybersecurity professionals. Microsoft states …

F5 hurriedly squashes BIG-IP remote code execution bug

October 27, 2023 at 01:39PM F5 has released a fix for a critical remote code execution (RCE) vulnerability in its BIG-IP suite, rated with a severity score of 9.8 out of 10. The vulnerability, tracked as CVE-2023-46747, could allow attackers to compromise the system. F5 has advised users to upgrade affected versions to the latest …

Security Pros Warn that EU’s Vulnerability Disclosure Rule is Risky

October 13, 2023 at 03:48PM The European Union (EU) is considering a rule that would require software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation. However, many IT security professionals are concerned about the potential for abuse of this rule. They argue that the 24-hour window is too short and could …