security vulnerability
Coverage of security vulnerability in the Nexus archive.
- GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
Research reveals that GitHub's 'Verified' commits can be altered to create new hashes with identical files, author, and date while maintaining valid signatures. This undermines the assumption that a commit's hash is unique, as GitHub still verifies the altered commit despite the hash change.
- Hackers are actively exploiting a bug in cPanel, used by millions of websites
Hackers are actively exploiting a critical vulnerability in cPanel, a web hosting platform used by millions of websites. Web hosts are urgently working to address the issue, with one company reporting that the bug has been abused by attackers for months.
- CopyFail Was Not Disclosed to Distros
A security vulnerability named CopyFail was not disclosed to Linux distributions, raising concerns about transparency in open-source security practices. The issue was discussed on OpenWall's security mailing list and gained traction on Hacker News with 93 points and 30 comments.
- Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
The article discusses a critical security vulnerability in major Linux distributions, where a 732-byte exploit allows unauthorized root access. The post is from xint.io's blog and is discussed on Hacker News.
- Deepfake Call Tricks Cardano Dev, Exposes New Weak Spot
A deepfake phone call successfully tricked a Cardano developer, exposing a new security vulnerability in the cryptocurrency's infrastructure. The incident highlights the risks of social engineering attacks targeting blockchain developers.
- My audio interface has SSH enabled by default
The Rodecaster Duo audio interface has SSH enabled by default, raising potential security concerns. This default configuration could expose devices to unauthorized access if not properly secured.
- Is YOUR phone safe? Facial recognition on 21 popular devices can be easily spoofed with printed photos, tests reveal - so, is yours on the list?
A test revealed that facial recognition on 21 popular devices can be easily spoofed using printed photos, raising concerns about smartphone security. The findings highlight potential vulnerabilities in biometric authentication systems.
- Server-room lock was nothing but a crock
The article criticizes a security vulnerability caused by inadequate physical security measures, specifically an unlocked server room, leading to a breach. It highlights the importance of physical security as a critical component of overall cybersecurity.
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
A security vulnerability in the EngageLab SDK, used by Android apps, allowed unauthorized access to private data by bypassing Android's security sandbox. The flaw affected 50 million Android users, including 30 million cryptocurrency wallet installations, but has since been patched.
- Google's Vertex AI Is Over-Privileged. That's a Problem
Researchers from Palo Alto Networks discovered a critical security flaw in Google's Vertex AI, allowing attackers to exploit over-privileged AI agents for data theft and unauthorized access to restricted cloud infrastructure. The vulnerability highlights significant risks in AI-driven cloud systems.