Zoom has recently announced a security vulnerability affecting some of its Windows applications. The issue involves an untrusted search path in certain Zoom Windows versions. This could potentially allow a hacker to bypass authentication and escalate their privileges on a affected system through network access. In practical terms, this could lead to unauthorized actions or…

Continue Reading

Cybersecurity experts have identified a potential new risk that could undermine the security benefits of FIDO passkeys, which are increasingly adopted as a robust defense against credential phishing and account takeover attacks. While FIDO standards are designed to provide phishing-resistant, passwordless authentication, recent research indicates that malicious actors may develop techniques to trick users into…

Continue Reading

SAP, a leading provider of enterprise resource planning (ERP) solutions, has recently released its latest security updates during its August Patch Tuesday or Security Patch Day. Fixes are included for several critical vulnerabilities that organizations using SAP products should address promptly. SAP released a total of 15 new security notes, along with four updates to…

Continue Reading

Xerox Corporation has issued an urgent security advisory regarding critical vulnerabilities in its FreeFlow Core software version 8.0.4. These flaws could allow malicious actors to perform server-side request forgery (SSRF) attacks and execute remote code on affected systems, posing a significant threat to organizations relying on this software. The issues affect FreeFlow Core version 8.0.4…

Continue Reading

Cybersecurity researchers from Eclypsium in recent analysis have uncovered a serious vulnerability affecting certain Lenovo webcams that run on Linux-based firmware. This flaw allows an attacker with remote access to reflash the device’s firmware, turning it into a covert attack tool capable of injecting keystrokes or establishing persistent backdoors — all without physical access. The…

Continue Reading