CERT/CC

Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems…

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large…

A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source…

VoIP communications company 3CX warned customers today to disable SQL database integrations due to potential risks associated with what it…

A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and…

A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who…

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that…

Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a…

A security advisory for a vulnerability (CVE) published by MITRE has accidentally been exposing links to remote admin consoles of over…

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by…