Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-xx83-cxmq-x89m: Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.

ghsa
Open in Source
#vulnerability#dos#auth
3 key features in Red Hat Advanced Cluster Security for Kubernetes 4.6

Red Hat Advanced Cluster Security for Kubernetes and Red Hat Advanced Cluster Security for Kubernetes Cloud Service versions 4.6 are now available. This update lays the foundation for a future based on policy as code and improves the UI to make it easier for users to find what they need.The significant changes in this version can be found here, but the highlights are:Violations Management UX improvementsACS Scanner v4 adopts Red Hat CSAF/VEXNVD CVSS scores for all CVEs (when available)Compliance reportingACSCS PCI DSS 4.0.0 complianceRed Hat Advanced Cluster Management for Kubernetes GlobalHub

Professions That Are the Most Exposed to Cybersecurity Threats

Explore the professions most vulnerable to cybersecurity threats in 2025, from IT pros to crypto investors. Learn how…

Lloyd's of London Launches New Cyber Insurance Consortium

Under the program, HITRUST-certified organizations gain access to exclusive coverage and rates.

CVE-2024-12382: Chromium: CVE-2024-12382 Use after free in Translate

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2024-12381: Chromium: CVE-2024-12381 Type Confusion in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

The Growing Importance of Secure Crypto Payment Gateways

Learn how cryptocurrency’s rapid growth brings risks like fake payment gateways and online scams. Discover tips to stay…

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Chinese Cops Caught Using Android Spyware to Track Mobile Devices

Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.

IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack

Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.