Microsoft announced today that Windows 10 home users can delay the switch to Windows 11 for one more year if they’re willing to pay $30 for Extended Security Updates (ESU). […]
Windows 11 Task Manager says no apps are active after preview update
Microsoft is investigating a new Windows 11 issue that causes the Task Manager to say there are zero running apps and background processes. […]
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. […]
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application’s DownloadManager, a component that manages downloads throughout the app. […]
Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days
British EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.
The post Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days appeared first on SecurityWeek.
New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics
Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up.
“While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ
“While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ
Microsoft fixes Windows 10 bug causing apps to stop working
Microsoft has fixed a known issue that prevents some apps launched from non-admin accounts from starting on Windows 10 22H2 systems after installing the September preview cumulative update. […]
LottieFiles Issues Warning About Compromised “lottie-player” npm Package
LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to release an updated version of the library.
“On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code,” the company said in a
“On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code,” the company said in a
Over a thousand online shops hacked to show fake product listings
A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. […]
Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution
Yahoo researchers found nearly a dozen vulnerabilities in OpenText’s NetIQ iManager and some could have been chained for unauthenticated RCE.
The post Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution appeared first on SecurityWeek.