BentoML Vulnerability Allows Remote Code Execution on AI Servers
TL;DR: A critical deserialization vulnerability (CVSS 9.8 – CVE-2025-27520) in BentoML (v1.3.8–1.4.2) lets attackers execute remote code without…
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching.
U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197 and CVE-2024-53150, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-53197 (CVSS score of 7.8) resides in the Linux kernel’s ALSA USB-audio driver affecting Extigy […]
Tesla Lawsuit May Allege “Collision Warning” Data Was Faked to Increase Insurance Profit
It’s easy to see how Tesla came up with this opaque and unaccountable plan. First they tell people Tesla insurance will be more efficient and less expensive. Second they create a complicated mess and charge people far more. A potential class-acti…
Can VPNs Be Tracked by the Police?
VPNs are popular due to the fact they add security and privacy to what are otherwise fairly open Wi-Fi and public internet channels. But can VPNs be tracked by the police?
An APT group exploited ESET flaw to execute malware
At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow […]
Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected
Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud systems or customer data were affected. Oracle confirmed a hacker stole and leaked credentials from two obsolete servers, but said no Oracle Cloud systems or customer data were affected. The threat actor accessed usernames from two outdated, non-Oracle Cloud Infrastructure […]
Official links undocumented Afghans to tuberculosis spread in Iran, announces border crackdown
Iran’s deputy interior minister for security affairs has raised public health concerns regarding undocumented Afghan migrants, acknowledging they account for approximately 25% of tuberculosis cases in Iran.
Polestar Awarded “Close to Perfect” Child Safety Score
The latest leader board on car safety tests, specific to features protecting children, rates Polestar engineering significantly ahead of the competition. The programme director at Euro NCAP, Dr. Aled Williams, said the Polestar’s performance was “tanta…
Airborne Tesla Crash in China Adds to Long List of Sudden Acceleration (SUA) Investigations
A Tesla violently crashed on Taishan Avenue East in Yubei District, Chongqing at around 3:00 p.m. on April 6, adding another case to a notoriously questionable safety record. The manufacturer with a troubling history of sudden unintended acceleration c…