The improper input validation issue in Intel Neural Compressor enables remote attackers to execute arbitrary code on affected systems.

Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.

Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.

While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.

Researchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems.

Researchers recently spotted the Spanish-speaking threat actor — with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa.

An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system.

At least a portion of executive compensation going forward will be tied to meeting security goals and metrics.

The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe.

Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games.

Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations.

Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security.

The purported metadata for each these containers had embedded links to malicious files.

The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.

The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.

Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.

Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.

Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.

Chinese actors are ready and poised to do "devastating" damage to key US infrastructure services if needed, he said.

Attackers are indiscriminately targeting VPNs from Cisco and several other vendors in what may be a reconnaissance effort, the vendor says.

"Kapeka" and "Fuxnet" are the latest examples of malware to emerge from the long-standing conflict between the two countries.

But even with that focus, the sophisticated threat group has continued operations against targets globally, including the US, says Google's Mandiant.