David

Security Stuff

Autor

David

Categoría

Technology

Último episodio

2 de jul. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

High-Severity Vulnerability Patched in VMware Fusion 14.05.2026

Broadcom has patched a high-severity vulnerability in VMware Fusion that could allow attackers with local non-administrative access to escalate privileges to root level on affected systems. The flaw, designated CVE-2026-41702, is a time-of-check time-of-use vulnerability in a SETUID binary, and while there's no evidence of active exploitation yet, VMware products are frequently targeted by at...

Researcher Drops YellowKey, GreenPlasma Windows Zero-Days 14.05.2026

A disgruntled security researcher has publicly released two Windows zero-day vulnerabilities called YellowKey and GreenPlasma. YellowKey allows attackers with physical access to bypass BitLocker encryption on Windows 11 machines, even those protected with TPM, by exploiting a hidden component in the Windows Recovery Environment that the researcher suspects may be an intentional backdoor. GreenPlas...

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure 14.05.2026

Hackers began probing a critical authentication bypass vulnerability in PraisonAI less than four hours after its public disclosure, according to security firm Sysdig. The vulnerability, tracked as CVE-2026-44338, affected versions 2.5.6 to 4.6.33 of the AI agent framework and allowed unauthenticated access to trigger automated workflows due to disabled authentication on a legacy Flask API server....

G7 Countries Release AI SBOM Guidance 14.05.2026

Government agencies from the G7 countries have released joint guidance for creating software bills of materials specifically for AI systems. The framework outlines seven key clusters that should be documented in an AI SBOM, including metadata, models, datasets, infrastructure, and security properties, though agencies emphasize these elements are not mandatory requirements. Security experts note th...

F5 Patches Over 50 Vulnerabilities 14.05.2026

F5 has released patches for over 50 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products, including 19 high-severity and 32 medium-severity flaws. The most critical issue is a denial-of-service vulnerability in NGINX that could allow unauthenticated attackers to trigger a heap buffer overflow through crafted HTTP requests, potentially leading to code execution if security protections a...

Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million 14.05.2026

Akamai has announced plans to acquire LayerX, a browser and AI security firm, for approximately 205 million dollars, with the deal expected to close in the third quarter of 2026. LayerX specializes in providing real-time visibility and control over AI activities across browsers and applications, offering features like shadow AI discovery, gen-AI data loss prevention, and AI misuse detection. The a...

Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns 14.05.2026

Chinese state-sponsored hacking groups Salt Typhoon and Twill Typhoon have been conducting sustained campaigns with updated tools and expanded targets between late 2025 and early 2026. Salt Typhoon notably shifted focus to target an Azerbaijani oil and gas company, exploiting the country's growing importance in European energy security following disruptions in Russian gas transit and the Stra...

Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere 14.05.2026

Anthropic's Mythos AI model lives up to its reputation for detecting software vulnerabilities, significantly outperforming other models when analyzing live code alongside source code, according to independent testing by cybersecurity firm XBOW. However, the testing revealed important limitations: Mythos is less effective analyzing source code alone, can be overly literal in its judgments, and...

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption 14.05.2026

A critical new Linux kernel vulnerability called Fragnesia has been discovered that allows attackers to gain root access through page cache corruption. The flaw represents a serious local privilege escalation threat that could let unprivileged users take complete control of affected Linux systems. Security researchers are urging administrators to patch their systems as soon as updates become avail...

New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation 14.05.2026

A new Linux kernel vulnerability nicknamed Fragnesia, tracked as CVE-2026-46300, allows local attackers to escalate privileges to root by exploiting the XFRM ESP-in-TCP subsystem to overwrite sensitive system files. The flaw is similar to recently disclosed vulnerabilities Dirty Frag and Copy Fail, and while a proof-of-concept exploit is now available, there's currently no evidence of real-wo...

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation 14.05.2026

Microsoft has patched multiple zero-day vulnerabilities in Windows, including two critical security flaws that allow attackers to bypass BitLocker encryption and another that enables privilege escalation through the CTFMON system component. The BitLocker bypasses are particularly concerning as they could allow attackers to access encrypted data on compromised systems, while the CTFMON vulnerabilit...

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure 14.05.2026

A critical authentication bypass vulnerability in PraisonAI, tracked as CVE-2026-44338, was exploited by attackers within hours of its public disclosure. The rapid exploitation highlights a growing trend where threat actors quickly weaponize newly revealed security flaws, underscoring the shrinking window organizations have to patch vulnerabilities before they're actively targeted in the wild...

How AI Hallucinations Are Creating Real Security Risks 14.05.2026

AI hallucinations are emerging as a significant security threat as these false but confident outputs from language models can lead security teams to take incorrect actions or trust flawed information. The problem is compounded when AI tools are integrated into security workflows, where hallucinated responses about vulnerabilities, code fixes, or threat assessments could create real-world exploits....

Foxconn Attack Highlights Manufacturing's Cyber Crisis 14.05.2026

Foxconn's North American facilities were hit by a Nitrogen ransomware attack, marking one of 600 cyber attacks on manufacturers so far this year. Cybercriminal gangs are increasingly targeting the manufacturing sector because these companies have a low tolerance for operational downtime, making them more likely to pay ransoms to restore production quickly.

AI Drives Cybersecurity Investments, Widening 'Valley of Death' 14.05.2026

Artificial intelligence is turbocharged cybersecurity investments in the first quarter of twenty twenty-six, but with an unusual twist. Investment dollars in AI security startups exceeded the value of acquisitions by more than a billion dollars, a rare occurrence that shows venture capital firms are making bigger bets on hot AI-native startups while acquirers are snapping up smaller companies. Ind...

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations 13.05.2026

RubyGems, the official Ruby package hosting service, has temporarily suspended new account registrations after threat actors flooded the platform with over 500 malicious packages using bot accounts. The malicious packages, which included exploit code and attempted XSS attacks and data exfiltration, have been removed, and maintainers say existing packages were not compromised and end users were not...

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities 13.05.2026

Intel and AMD have released comprehensive security updates for May 2026 Patch Tuesday, collectively addressing 70 vulnerabilities across their product lines. Intel's most critical fix patches a buffer overflow in their Data Center Graphics Driver for VMware ESXi with a severity score of 9.3, while AMD's critical flaw involves their Device Metrics Exporter which improperly exposes network...

Fortinet, Ivanti Patch Critical Vulnerabilities 13.05.2026

Fortinet and Ivanti have released patches for a total of 18 vulnerabilities in their products, including three critical-severity bugs that could allow remote, unauthenticated attackers to execute code through crafted requests. The most serious flaws affect Fortinet's FortiAuthenticator and FortiSandbox products, as well as Ivanti's Xtraction tool, all with CVSS scores above 9. Both compa...

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises 13.05.2026

Microsoft has patched a critical zero-click Outlook vulnerability that security researcher Haifei Li calls an "enterprise killer," allowing attackers to execute code simply by sending an email that's read or previewed, with no clicking required. The flaw, tracked as CVE-2026-40361, is a use-after-free bug affecting Outlook's email rendering engine that bypasses firewalls and di...

716,000 Impacted by OpenLoop Health Data Breach 13.05.2026

Telehealth platform OpenLoop Health suffered a data breach in January 2026 that compromised personal information of 716,000 individuals, including names, addresses, email addresses, birth dates, and medical data. The unauthorized access occurred over two days beginning January 7th, though the company says Social Security numbers, financial information, and electronic health records were not affect...

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach 13.05.2026

The US House Committee on Homeland Security is demanding answers from Instructure after hackers attacked its Canvas learning platform twice in early May, allegedly stealing 3.65 terabytes of data affecting 275 million students and teachers across about 9,000 schools. The notorious ShinyHunters extortion group claimed responsibility for the breach, which forced Instructure to shut down services mul...

Webinar Today: ROI for Cyber-Physical Security Programs 13.05.2026

SecurityWeek and Claroty are hosting a webinar today at 1 PM Eastern Time focused on demonstrating the return on security investment for cyber-physical security programs. The session will teach operational technology security teams how to quantify the financial impact of downtime and security risks, translating technical concerns into business language that finance and operations executives can un...

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data 13.05.2026

Security researchers have discovered a massive supply chain attack called GemStuffer, where attackers compromised over 150 Ruby software packages, known as RubyGems, to steal data from U.K. council portal systems. The malicious packages were used to scrape and exfiltrate sensitive information from local government websites. This represents a significant supply chain security threat, as developers...

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws 13.05.2026

Microsoft released its January 2025 Patch Tuesday update addressing 138 security vulnerabilities, including critical remote code execution flaws in DNS and Netlogon services that could allow attackers to compromise systems remotely. The security update includes fixes for eight actively exploited zero-day vulnerabilities that were being used in real-world attacks. IT administrators are urged to pri...

Most Remediation Programs Never Confirm the Fix Actually Worked 13.05.2026

A new report reveals a critical gap in cybersecurity practices: most remediation programs fail to verify that security fixes actually resolved the vulnerabilities they were meant to address. This oversight leaves organizations potentially exposed to the same threats they believed they had patched, highlighting a significant weakness in how companies manage their security response processes. The fi...

Escucha el podcast Security Stuff en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos