Critical 'MongoBleed' Bug Under Active Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.
Actively Targeted Zero Day Patched; Warning Issued After Device Configurations LeakFortinet has released patches to fix a zero-day vulnerability being actively exploited by attackers. Separately, researchers are warning customers to review their infrastructure after attackers leaked configuration details - including firewall rules and plaintext VPN passwords - for 15,000 devices.
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file
Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. [...]
Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system.…
A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. [...]