Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
Benzinga.com

Nemo Protocol Blames $2.6M Exploit on Developer Who Deployed Unaudited Code

Nemo Protocol released a comprehensive post-mortem blaming a rogue developer for deploying unaudited code containing critical vulnerabilities that enabled a $2.59 million exploit on September 7. The ...
Nextgov

Is artificial intelligence a friend, foe or frenemy? NIST wants to find out

Get the latest federal technology news delivered to your inbox. Artificial intelligence is fast becoming cybersecurity’s ultimate double agent. The same tools that help defenders spot anomalies, ...
Infosecurity-magazine.com

Malicious VS Code Extensions Exploit Name Reuse Loophole

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.
Hosted on MSN

Apache Log4j - The Exploit That Nearly Brought Down the Internet

A single flaw in Apache Log4j spiraled into one of the most dangerous exploits ever found. Experts warned it could have taken down the entire internet. White House responds to Trump-Putin documents ...
Infosecurity-magazine.com

Fortinet Warns Exploit Code Available for Critical Vulnerability

Sysadmins have been urged to prioritize updating a new critical vulnerability in Fortinet’s FortiSIEM solution, as exploit code is currently circulating in the wild. Published on Tuesday, ...
PC World

Microsoft fixed 100+ security flaws in Windows and Office this month

Yesterday was Patch Tuesday for Microsoft, which means tons of security updates across the company’s products and services. Specifically, 107 new security vulnerabilities have been patched. Microsoft ...
Computer Weekly

Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

No fewer than eight critical flaws that could allow a threat actor to achieve remote code execution (RCE) on a targeted system are listed in Microsoft’s August Patch Tuesday update, which once again ...
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...
Business Wire

AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode Research Reveals

BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled its 2025 GenAI Code Security Report, revealing critical security flaws in AI-generated code ...
TechCrunch

Activision took down Call of Duty game after PC players hacked, says source

Games giant Activision took down Call of Duty: WWII due to hackers exploiting a flaw in a specific PC version of the game, which led to several players getting their computers hacked, TechCrunch has ...
PC Gamer

Call of Duty: WW2 pulled from PC following reports of remote code exploit trolling players with 'Notepad pop-ups, PC shutdowns' and desktop wallpaper of a lawyer

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Activision has pulled a specific PC version of Call of Duty: WW2 just days after release, ...