7 Severe Vulnerabilities Patched in VMware Avi Load Balancer
The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.
The post 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer appeared first on SecurityWeek.
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
Miggo’s security team, which discovered and reported the flaws, said one “leaks the broker’s confidential OAuth
Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar
A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions.
The post Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar appeared first on SecurityWeek.
Microsoft Entra ID gets passkeys default authentication starting September
New phishing kits target Microsoft 365 accounts, evade MFA
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
“An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,”
CISA Joins NSA, FBI, DC3 and International Partners Warning of Russian Cyber Threat Activity Targeting Communications, Energy, Government and Other Critical Infrastructure Sectors
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
The way these wallets talk to websites and blockchain servers can tie a person’s separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or
