The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP ...

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.

A severe security flaw, CVE-2024-3078, has been discovered in the Windows Wi-Fi driver. This vulnerability allows remote code execution at the kernel level without needing user interaction or ...

Vulnerabilities in EnOcean’s SmartServer IoT platform can be exploited to remotely hack building management systems.

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

Security researchers at OX Security have exposed an architectural vulnerability in Anthropic's Model Context Protocol (MCP) that enables arbitrary remote code execution on any system running a ...

This month’s Patch Tuesday fixes highlight a troubling pattern of remote code execution (RCE) holes being found in Microsoft’s core enterprise products, says an expert. “This trend reinforces the need ...

Update 4/9/24: Added information on two zero-day vulnerabilities that Microsoft did not initially mark as exploited. Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...

ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE⁠-⁠2024⁠-⁠7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon ...

Anthropic PBC’s official Git Model Context Protocol server has several security vulnerabilities that can lead to arbitrary file access and, in some scenarios, full remote code execution triggered ...