vulnerabilities

Researchers have found a way to exploit a security mechanism in a popular machine-learning framework.

A security researcher has investigated his own smart mattress cover, discovering several ways to hack it — including through a backdoor preinstalled by the developer.

Our technologies have helped to detect the zero-day vulnerability CVE-2025-2783 in Google Chrome, which was used in a sophisticated APT attack.

Reasons for updating your ESXi infrastructure ASAP, and enterprise threats that VM escape poses.

Microsoft’s March Patch Tuesday fixes several vulnerabilities that have already been used in the wild. Details are not clear at the moment, but it’s worth installing the patches ASAP.

A year after the ransomware attack on healthcare giant UnitedHealth Group, we’ve compiled all publicly available information about the incident and its aftermath.

New research demonstrates for the first time how hardware vulnerabilities in modern CPUs can be exploited in practice.

We look at the most notable supply-chain attacks of 2024.

$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.

Researchers have discovered a vulnerability in the 7-Zip file archiver software.

Unknown hackers are exploiting newly discovered vulnerabilities in Ecovacs robot vacuums to spy on their owners and rain misery upon them.

A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.

Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.

A vulnerability in Kia’s web portal made it possible to hack cars and track their owners. All you needed was the car’s VIN number or just its license plate number.

Recent research describes a method for snooping on what Apple Vision Pro users enter on the virtual keyboard.

Researchers have discovered several potential attack vectors targeting bicycles fitted with Shimano Di2 wireless gear-shifting system.

Windows Downdate is an attack that can roll back updates to your OS to reintroduce vulnerabilities and allow attackers to take full control of your system. How to mitigate the risk?

How to protect the less obvious parts of your IT infrastructure (and from what) — from printers and video surveillance kit to insulin pumps.

A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer — the browser that Microsoft supposedly laid to rest over a year ago.

Someone is targeting security experts using an archive that allegedly contains an exploit for the regreSSHion vulnerability.

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.