UK Demanded Apple Add a Backdoor to iCloud
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. I...
CVE-2022-49054
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests. hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While at it, update some...
Drupal General Data Protection Regulation module < 3.0.1,3.1.0-3.1.1 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module General Data Protection Regulation versions 3.0.1,3.1.0-3.1.1...
The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the software for data integration and analytics in Hitachi Vantara Pentaho Data Integration & Analytics lies in the insufficient protection of registration data, allowing unauthorized access to protected information by attackers.
The vulnerability of the software for data integration and analytics in Hitachi Vantara Pentaho Data Integration & Analytics lies in the insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the software products of the LLC “NPO ‘MIR’”, related to the use of weak protection for database data, allows attackers to disclose the protected information.
The vulnerability of the software products developed by LLC “NPO ‘MIR’” lies in the use of weak protection for database credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose the protected information...
Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization
Rapid7 provides unmatched attack surface visibility through the Command Platform, helping security teams identify, prioritize, and remediate risk across hybrid environments. Surface Command is the only solution available that combines native external and internal scanning into a single unified vi...
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple's Data Dilemma
Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you...
The vulnerability of the runas function in the microprogramming software of the digital analysis system MEAC300 allows a hacker to elevate their privileges to the level of an administrator.
The vulnerability of the runas function in the MEAC300 digital analysis system is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to elevate their privileges to the level of an administrator...
Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands
Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that...
Streamline Security: Automate Database Compliance with Qualys Cloud Agent
Compliance audit failures remain a critical challenge for organizations, particularly in database security. According to the 2024 Thales Data Threat Report, nearly 43% of companies failed at least one compliance audit in the past year. This is a significant concern because audit failures correlat...
DeepSeek found to be sharing user data with TikTok parent company ByteDance
A couple of weeks ago we reported on the concerns surrounding data collection and security at DeepSeek, the Chinese AI company which recently made headlines for shaking up the industry after seemingly appearing from nowhere to become top of the app download charts. Now South Korea’s Personal...
Citrix Systems Secure Access Security Vulnerability
Citrix Systems Secure Access is a secure access solution from Citrix Systems USA. A security vulnerability exists in Citrix Systems Secure Access that stems from improperly restricting application privileges. An attacker could read or modify sensitive data by exploiting the vulnerability...
The vulnerability of the dpaa2-switch component in the Linux operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the dpaa2-switch component in the Linux operating system is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow unauthorized access to protected information...
The vulnerability of the octeontx2-pf component in the Linux operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the octeontx2-pf component in the Linux operating system is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow unauthorized access to protected information...
The vulnerability of the Linux operating system’s Ethernet kernel component, which allows a hacker to gain unauthorized access to protected information
The vulnerability of the Linux operating system’s Ethernet kernel component is related to insufficient protection of service data in the greth_init_rings function. Exploiting this vulnerability can allow unauthorized access to protected information...
The vulnerability of the kernel component of the Linux operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the kernel component of the Linux operating system is related to insufficient protection of service data in the tbnet_open function. Exploiting this vulnerability can allow unauthorized access to protected information...
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the...
Dell NetWorker Code Execution Vulnerability
Dell NetWorker is an enterprise-class data protection solution offered by Dell as part of the Dell Data Protection Suite that supports the protection of critical workloads across heterogeneous environments. A code execution vulnerability exists in Dell NetWorker. An attacker could exploit the...