In late November, a cloud-security researcher for Chinese tech giant Alibaba discovered a flaw in a popular open-source coding framework called Log4j. The employee quickly notified Log4j’s parent ...

Microsoft Edge loads all your saved passwords, decrypted and in plaintext, into memory at startup. Google Chrome doesn’t—is ...

Update, Dec. 14, 2024: This story, originally published Dec. 13 now includes a statement from Microsoft about the 2FA bypass vulnerability and the impact it has observed on users. Security researchers ...

As we noted below in "Odds and Ends", the "Safari Automatically Executes Shell Scripts" vulnerability that has recently garnered increased discussion is extremely similar in nature to a bug we ...

Unpatched Apple devices remain exposed to Sploitlight, a macOS flaw that allows unauthorized access to private user data despite security measures. Apple patched a critical macOS vulnerability earlier ...

Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to ...

Security vendor Ivanti has disclosed yet another critical vulnerability in its products, linked to a previous zero-day that was exploited by an APT group to compromise the Norwegian government.