Microsoft now lets you play a game during Windows 11 installs
Microsoft has introduced a new twist to the Windows 11 installation and update process, transforming it from a mundane task into an enjoyable experience. Users…
Category: Bleeping Computer
Android October security update fixes zero-days exploited in attacks
Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited. The two exploited flaws…
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for…
ShellTorch flaws expose AI servers to code execution attacks
A set of critical vulnerabilities dubbed ‘ShellTorch’ in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed servers, some of which belong…
Microsoft Edge, Teams get fixes for zero-days in open-source libraries
Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. The first…
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. The American semiconductor company…
Microsoft Defender no longer flags Tor Browser as malware
Recent versions of the TorBrowser, specifically because of the updated tor.exe file it contained, were being incorrectly flagged as potential threats by Windows Defender. Users…
Exim patches three of six zero-day bugs disclosed last week
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro’s Zero Day Initiative (ZDI), one of them allowing unauthenticated…
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
Security researchers discovered a new malware-as-a-service (MaaS) named ‘BunnyLoader’ advertised on multiple hacker forums as a fileless loader that can steal and replace the contents…
Ransomware gangs now exploiting critical TeamCity RCE flaw
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains’ TeamCity continuous integration and deployment server. The flaw (tracked as CVE-2023-42793 and tagged…
Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity vulnerability in Progress Software’s WS_FTP Server file sharing solution. Assetnote researchers…
Arm warns of Mali GPU flaws likely exploited in targeted attacks
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers. The flaw is currently tracked as…