Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL. The vulnerabilities, assigned CVE-2024-4216 and CVE-2024-4215, affect the tool's cross-site scripting and multi-factor authentication featu...
A vulnerability discovered in TeamViewer RPM auto-updates on Linux allowed attackers to easily install and execute arbitrary software with root permissions. Luckily, TeamViewer has fixed this flaw in version 15.11.6.
Are you using LibreOffice 7.0 on your PC? If so, you'll want to update to the new version immediately to experience improved stability, reliability and security. The Document Foundation has announced the unexpected availability of the LibreOffice 7.0.3 update to the latest LibreOffice 7.0 office suite series, addressing some important bugs.
Three malicious npm JavaScript packages have been found opening shells on Linux and Windows systems. According to npm staff: "Any computer that has this package installed or running should be considered fully compromised."
Google and Intel are warning of a high-severity Bluetooth security bug in all but the most recent version of the Linux Kernel - but 'high-severity' doesn't necessarily mean high risk.
Humans make mistakes, software has bugs and some of these bugs are exploitable vulnerabilities. The existence of vulnerabilities in software is not a new problem, but as the volume of software in existence grows, so does the number of exploitable vulnerabilities. Learn more about this worrisome trend in an interesting Security Boulevard article.
Billions of smartphones, tablets, laptops, and Linux-based IoT devices are now using Bluetooth software stacks that are potentially susceptible to a new security flaw. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.
Security researchers have found that they can detect Linux kernel security fixes before they are released - information that could be used by malicious hackers to develop and deploy exploit code before patches are widely available.
The recent GRUB2 patches that were released to mitigate critical BootHole vulnerabilities also caused boot failure issues for some users. Luckily, fixes for these regressions have started appearing for some distros, including Debian and Ubuntu.
A dangerous vulnerability has been discovered in the default Linux KDE extraction utility called ARK that allows malicious actors to overwrite files or execute code on victims' computers by tricking them into downloading an archive and extracting it.
A dangerous new vulnerability has been discovered in Secure Boot that affects a huge number of Linux and Windows systems that use the UEFI specification during boot.
CERT-In is urging Google Chrome users to upgrade immediately to the new version of the Chrome browser to protect sensitive information on their machines and prevent contact spoofing and denial of service (DoS) attacks exploiting Chrome vulnerabilities.
Purdue University security researchers recently discovered a vulnerability affecting IoT devices running Bluetooth which could lead to spoofing attacks. The vulnerability has a broad impact on mainstream platforms that support BLE communications, including Linux, Android and iOS.
The project behind the Rust programming language has revoked all API keys from its crates.io package web app. These API keys were not randomly generated and were being stored in plain text.
A new report reveals that common home routers from Netgear, Linksys, D-Link and other vendors contain serious security vulnerabilities that even updates don’t fix. While Linux can be a very secure OS in theory, researchers have found that many of these vulnerable routers are powered by very old versions of Linux that lack support and are riddled with security issues as a result.