Ars Technica

Unpatched MacOS vulnerability lets remote attackers execute code

A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars. Independent security ...
Bleeping Computer

New macOS zero-day bug lets attackers run commands remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big ...

WatchGuard sounds alarm as critical Firebox flaw comes under active attack

WatchGuard is in emergency patch mode after confirming that a critical remote code execution flaw in its Firebox firewalls is under active attack.
Bleeping Computer

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure (IPS) zero-days exploited by suspected Chinese hackers in the wild that can let remote attackers execute arbitrary commands on targeted ...
9to5Mac

Mac shortcut bug can take over machine; Apple patch unsuccessful

A Mac shortcut bug can enable an attacker to take over your machine when you open an email, using nothing more than a standard internet shortcut file. Apple claims to have patched the bug in Big Sur ...
Dark Reading

Patch Now: Cisco Zero-Day Under Fire From Chinese APT

Cisco has patched a command-line injection flaw in a network management platform used to manage switches in data centers, which, according to researchers from Sygnia, already has been exploited by the ...

39C3: Security researcher hijacks AI coding assistants with prompt injection

At 39C3, Johann Rehberger showed how easily AI coding assistants can be hijacked. Many vulnerabilities have been fixed, but ...
Ars Technica

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 ...
Dark Reading

Zimbra RCE Vuln Under Attack Needs Immediate Patching

Attackers are actively targeting a severe remote code execution vulnerability that Zimbra recently disclosed in its SMTP server, heightening the urgency for affected organizations to patch vulnerable ...
Threat Post

Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. To go along with the “Dirty Pipe” Linux security bug coming to light, two researchers ...
Computing

OpenAI Codex flaw let attackers run arbitrary code

Check Point Research has found a flaw in OpenAI’s AI coding tool, Codex, that would allow bad actors to exfiltrate data without flagging security alerts. The command injection vulnerability meant ...