GitHub makes it easier to scan your code for vulnerabilities

GitHub introduced a new option to set up code scanning for a repository known as “default…

Unpatched 15-year-old Python bug allows code execution in 350k projects

A vulnerability in the Python programming language that has been overlooked for 15 years is now…

The Ultimate Security Blind Spot You Don’t Know You Have

Using instructor-led training, e-learning, hands-on labs, and gamification, Cydrill offers a novel and effective way to…

Node.js prototype pollution is bad for app environment

Boffins find common code constructs that may be exploitable to achieve remote code execution. Read more…

Hackers scan for vulnerabilities within 15 minutes of disclosure

System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a…

Luca Stealer malware spreads after code appears on GitHub

Cool, another Rust project … Oh wait… Read more…

Experts Uncover New ‘CosmicStrand’ UEFI Firmware Rootkit Used by Chinese Hackers

Researchers have discovered a new UEFI firmware rootkit malware, dubbed “CosmicStrand,” that Chinese hackers have been…

Hardcoded password in Confluence app has been leaked on Twitter

Advisory had already warned hardcoded password was “trivial to obtain.” Read more at Ars Technica…

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

Researchers uncover “Lightning Framework,” a new Swiss Army Knife-like Linux malware that has modular plugins and…

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild

It takes only a second to crack the handful of weak keys. Are there more out…

Linux has been bitten by its most high-severity vulnerability in years

Dirty Pipe has the potential to smudge people using Linux and Linux derivatives. Read more at…

New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container

A new vulnerability in the Linux kernel’s control groups feature could let attackers escape a…

Linux developers patch security holes faster than anyone else, says Google Project Zero | ZDNet

Linux programmers do a better job of patching security holes than programmers at Apple, Google, and…

Millions of Routers Exposed to RCE by USB Kernel Bug

The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from…

Raspberry Pi Detects Malware Using Electromagnetic Waves

Researchers take antivirus support to the next level with the Raspberry Pi. Read more at Tom’s…

DDR4 memory protections are broken wide open by new Rowhammer technique

Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits. Read more at Ars Technica…

PS5 Exploit: Fail0verflow show decrypted PS5 firmware files (they already have the PS5 keys???) – Wololo.net

What a day for the PS5 scene! After TheFloW shared what appears to be a PS5…

The Deep-Learning Algorithm Can Guess an ATM PIN, Even With Keypads Covered

The algorithm only fails to guess the ATM PIN with 100% hand coverage. Whereas the attackers…

Python ransomware strikes virtual machines in ‘ultra-high-speed’ attacks

The attack was unique for its speed and use of a Python ransomware. Read more at…

Wireless key-logger hidden inside USB-C to Lightning cable

A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture…