Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States. […] Author: Lawrence Abrams
Category Archives: Security
Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. […] Author: Lawrence Abrams
The popular WordPress plugin Gravity Forms has been compromised in what seems to be a supply-chain attack where manual installers from the official website were infected with a backdoor. […] Author: Bill Toulas
NVIDIA is warning users to activate the System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. […] Author: Bill Toulas
Learn how one overlooked flaw in OpenVSX discovered by Koi Security could’ve let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat’s been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. […] Author: Sponsored by Koi Security
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. […] Author: Bill Toulas
Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. […] Author: Bill Toulas
Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang. […] Author: Lawrence Abrams
Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda. […] Author: Bill Toulas
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. […] Author: Sponsored by Specops Software
