-
![]()
AI Can Crack Your Password by Listening to Keyboard Clicks
The next time you type your password, you may want to ensure no one is listening. A groundbreaking study shows that Artificial Intelligence (AI) can now identify passwords based on the sound of keyboard clicks. This alarming discovery has opened a new dimension of cybersecurity concerns. While concerns about “shoulder surfing” or over-the-shoulder attacks have…
-
![]()
Apple Tackles New Zero-Day Exploits with Comprehensive Security Enhancements
In a proactive move to bolster device security, Apple has released comprehensive security updates across its suite of products—iOS, iPadOS, macOS, tvOS, watchOS, and Safari. This comes in response to several identified security breaches, one of which is an active zero-day exploit. “There have been accounts of potential active exploitations targeting versions earlier than iOS…
-
![Adobe Logo]()
Adobe Releases Patches for Critical ColdFusion Vulnerabilities
In light of recently disclosed vulnerabilities, Adobe has issued a second series of patches for its ColdFusion platform, which includes flaws believed to have been exploited in cyber-attacks. On July 11, Adobe addressed CVE-2023-29298, an access control problem that could bypass security features. Three days later, the company rolled out fixes for CVE-2023-38203, a deserialization…
-
![Windows Updates]()
Microsoft July Patch Tuesday: 132 Flaws Addressed Including Six Active Exploits And Thirty-Seven Remote Code Execution Vulnerabilities
Today’s Microsoft Patch Tuesday brings significant fixes in the digital landscape, as the tech giant rolled out security updates for a total of 132 vulnerabilities. Among these flaws are six actively exploited vulnerabilities and thirty-seven remote code execution (RCE) bugs. Out of the 37 RCE bugs identified, only nine were deemed ‘Critical’ by Microsoft. Alarming…
-
![Vulnerability Mastodon]()
Mastodon Rolls Out Urgent Security Update to Mitigate Critical Vulnerabilities Threatening Millions of Users
Mastodon, a decentralized social network with a user base exceeding 14 million, has issued a security update to address critical vulnerabilities that could expose its users to cyberattacks. The most severe vulnerability, CVE-2023-36460, allows attackers to exploit a glitch within the media attachments feature, enabling the creation and overwriting of files in any location that…
-
![Samsung Phones Vulnerabilities]()
CISA Adds Samsung Phone Vulnerabilities to Its “Must Patch” Vulnerabilities Catalog
In an ongoing effort to enhance cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has identified and added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These additions are based on evidence of active exploitation in the wild, and they encompass a range of devices and manufacturers. The first new addition, CVE-2019-17621, refers to…
-
![Ultimate Member vulnerability]()
Critical Security Flaw in Ultimate Member WordPress Plugin Leaves Over 200,000 Sites at Risk
WordPress website owners are urged to be on high alert as hackers are exploiting a zero-day privilege escalation vulnerability in the ‘Ultimate Member’ WordPress plugin. This exploit allows attackers to compromise websites by bypassing security measures and creating rogue administrator accounts. Ultimate Member, a popular plugin with over 200,000 active installations, streamlines user profiles, membership…
-
![Apple IOS and MacOS]()
Apple Releases iOS 16.5.1 and iPadOS 16.5.1 with Critical Security Fixes
Apple has rolled out iOS 16.5.1 and iPadOS 16.5.1, addressing critical security vulnerabilities that could allow attackers to execute arbitrary code. The updates are available for iPhone 8 and later models, iPad Pro, iPad Air (3rd generation and later), iPad (5th generation and later), and iPad mini (5th generation and later). Apple’s approach to security…
-
![Azure AD]()
Descope Security Team Uncovers “nOAuth” Flaw in Microsoft Azure AD OAuth Applications
The Descope security team has recently uncovered a significant security vulnerability in Microsoft Azure AD OAuth applications, which they have dubbed “nOAuth”. This term has been coined to denote an authentication implementation flaw, with a touch of wordplay. nOAuth is an authentication implementation flaw that primarily affects Microsoft Azure AD multi-tenant OAuth applications. According to…
-
![]()
Microsoft’s June Patch Tuesday Addresses 78 Vulnerabilities Including Critical SharePoint Bug
In its latest Patch Tuesday for June 2023, Microsoft has rolled out fixes for 78 security flaws, which includes an alarming 38 remote code execution vulnerabilities. While Microsoft has not reported any of the vulnerabilities being actively exploited, the tech giant has specifically marked several as “more likely to be exploited”. One vulnerability that has…
