A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.
The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek.
The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold.
The post ‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds appeared first on SecurityWeek.
Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities.
The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash appeared first on SecurityWeek.
The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release.
The post Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks appeared first on SecurityWeek.
A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.
The post Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk appeared first on SecurityWeek.
Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.
The post Supply Chain Attack Hits 32 Red Hat NPM Packages appeared first on SecurityWeek.
Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts.
The post Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads appeared first on SecurityWeek.
Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.
The post 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access appeared first on SecurityWeek.
The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.
The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek.
The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April.
The post Charter Communications Data Breach Could Impact Nearly 5 Million appeared first on SecurityWeek.