An anonymous reader quotes a report from BleepingComputer: The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on...

Even though they are marketed with slogans like “Top-tier security,” “Safe two-way communication” and “Trust the No. 1 in protection,” Chinese-made robot vacuums were found to have serious security…

By AJ Vicens (Reuters) -A flaw in the chips used to secure tens of millions of Dell (NYSE:DELL) laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco (NASDAQ:CSCO) Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom (NASDAQ:AVGO) BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. “Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,” Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. “These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,” Biasini said. “It’s becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues “quickly and transparently,” and directed customers to the June 13 advisory. “As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,” the spokesperson said. Broadcom declined to comment.

Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyb...

Newly obtained video shows a DoorDash driver's attempt to deliver food to a customer at Chicago's O'Hare International Airport last month not only breached perimeter security but also failed to trigger an immediate response.

Microsoft has confirmed that its Remote Desktop Protocol allows logins with revoked passwords due to local caching, calling it intentional design despite security backdoor concerns.

Security researchers find a 10/10 flaw in Erlang/OTP SSHHorizon3 Attack Team says the flaw is

 A security flaw in the WinRAR file archiver solution might be used to circumvent the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows computer. The vulnerability is known as CVE-2025-31334 and impacts all WinRAR versions except the most recent release, 7.11.  Mark of the Web is a security mechanism in Windows that uses a metadata value (an additional data stream called 'zone-identifier') to identify potentially dangerous files downloaded from the internet. When you launch an executable with the MotW tag, Windows informs you that it was obtained from the internet and can be risky, and you can choose whether to continue or terminate it. Symlink to executable The CVE-2025-31334 flaw allows an attacker to circumvent the MotW security warning when opening a symbolic link (symlink) to an executable file in any WinRAR version prior to 7.11. Using a specially designed symbolic link, an attacker can execute arbitrary code. It should be noted that on Windows, symlinks can only be generated with administrator privileges.  The security flaw received a medium severity score of 6.8 and was fixed in the latest version of WinRAR, according to the applications change log: “If symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored” - WinRaR.  Shimamine Taihei of Mitsui Bussan Secure Directions reported the vulnerability to the Information Technology Promotion Agency (IPA) in Japan. The responsible disclosure was organised by Japan's Computer Security Incident Response Team with the developer of WinRAR. Starting with version 7.10, WinRAR allows you to remove information from the MotW alternative data stream (such as location and IP address) that could be deemed a privacy issue. Cybercriminals, including state-sponsored ones, have previously used MotW bypasses to transmit malware without triggering the security warning.  Recently, Russian attackers exploited a vulnerability in the 7-Zip archiver that did not propagate the MotW when double archiving (archiving one file within another) to launch the Smokeloader malware dropper.

Explore the mystery of the 'inetpub' folder's appearance after a Windows security update and its security implications.

WinRAR users not running the latest version are subject to a security flaw that's capable of ignoring the Windows Mark of the Web security warnings.

A Cisco IOS XR flaw allows unauthenticated attackers to crash the BGP process on routers with a well-aimed BGP update. If you ever wanted to take down a carrier-grade router with the precision of a pro bowler, now’s your chance—just keep your AS_CONFED_SEQUENCE under 254 or face a DoS strikeout.

Such security, much open.

Google patches a flaw exposing YouTube users' emails, highlighting critical privacy risks and the need for robust cybersecurity measures.

As nifty and attention-garnering as the Chinese AI chatbot DeepSeek may be, there may be some security concerns associated with it. A group known as Wiz Research has discovered an issue wherein more…

 Microsoft is examining a flaw that activates security alerts on systems equipped with a Trusted Platform Module (TPM) processor after enabling BitLocker.  A Windows security feature called BitLocker encrypts storage discs to guard against data leakage or…

system firmware to "brick" the device read more about Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

A flaw in Microsoft Azure multi-factor authentication allowed attackers to brute-force accounts, exposing data in Teams, OneDrive, and more.