vulnerabilities

A year after the ransomware attack on healthcare giant UnitedHealth Group, we’ve compiled all publicly available information about the incident and its aftermath.

New research demonstrates for the first time how hardware vulnerabilities in modern CPUs can be exploited in practice.

$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.

We look at the most notable supply-chain attacks of 2024.

Researchers have discovered a vulnerability in the 7-Zip file archiver software.

Unknown hackers are exploiting newly discovered vulnerabilities in Ecovacs robot vacuums to spy on their owners and rain misery upon them.

A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.

Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.

A vulnerability in Kia’s web portal made it possible to hack cars and track their owners. All you needed was the car’s VIN number or just its license plate number.

Recent research describes a method for snooping on what Apple Vision Pro users enter on the virtual keyboard.

Researchers have discovered several potential attack vectors targeting bicycles fitted with Shimano Di2 wireless gear-shifting system.

Windows Downdate is an attack that can roll back updates to your OS to reintroduce vulnerabilities and allow attackers to take full control of your system. How to mitigate the risk?

How to protect the less obvious parts of your IT infrastructure (and from what) — from printers and video surveillance kit to insulin pumps.

A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer — the browser that Microsoft supposedly laid to rest over a year ago.

Someone is targeting security experts using an archive that allegedly contains an exploit for the regreSSHion vulnerability.

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

A new vulnerability allows remote attackers to gain root privileges on Linux servers. How easy is it for CVE-2024-6387 to be exploited – and how to prevent it

Based on our analysis of ZKTeco vulnerabilities, we dissect the risks associated with biometric authentication.

Today we discuss which services and applications should be patched first, and what attackers are focusing on.

Kaspersky ICS-CERT experts have discovered several critical vulnerabilities in Telit Cinterion M2M modems, which are used in millions of devices.

A backdoor implanted into XZ Utils has found its way into popular Linux distributions.