964 matches found
[SECURITY] Fedora 43 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc43
GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...
CVE-2025-52645
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
Could your face change what you pay? NYC wants limits on biometric tracking
New York City lawmakers are pushing to ban private businesses from using biometric tools like voice and facial recognition software to track the public. While the desire to use surveillance technology in stores to fight shoplifting is understandable, lawmakers and privacy advocates are worried th...
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech...
The Danger Behind Meta Killing End-to-End Encryption for Instagram DMs
Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end encryption tech worldwide...
90% of people don’t trust AI with their data
AI didn’t sneak into our lives. It burst through the door, took a seat at the table, and started finishing our sentences. Instead of a helpful list of links, Google now tries to answer your question. Microsoft’s Copilot drafts replies to your boss before you’ve had coffee. Your phone summarizes...
CVE-2025-52645
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
Malicious Package
Overview n8n-nodes-data-transform is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
CVE-2025-52645 HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
Jailbreaking the F-35 Fighter Jet
Countries around the world are becoming increasingly concerned about their dependencies on the US. If you've purchase US-made F-35 fighter jets, you are dependent on the US for software maintenance. The Dutch Defense Secretary recently said that he could jailbreak the planes to accept third-party...
How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, thes...
Ring doorbells: Won’t you see my neighbor? (Lock and Code S07E05)
This week on the Lock and Code podcast … On February 8, during the Super Bowl in the United States, countless owners of one of the most popular smart products today got a bit of a wakeup call: Their Ring doorbells could be used to see a whole lot more than they knew. In a commercial that was...
EUVD-2026-8874
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lea...
CVE-2026-1241
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lea...
Instagram flagged explicit messages to minors in 2018. Image-blurring arrived six years later
Meta took six years to blur explicit images on Instagram, even though internal emails show executives were aware in 2018 that minors were receiving them, according to newly unsealed court documents. In a deposition given last year, Adam Mosseri now the head of Instagram discusses an email thread...
PT-2026-22173
Name of the Vulnerable Software and Affected Versions Pelco Sarix Professional 3 Series Cameras affected versions not specified Description The Pelco Sarix Professional 3 Series Cameras have a flaw in their web management interface related to insufficient access control enforcement. This allows...
Developer creates app to detect nearby smart glasses
An independent developer, moved after reading about the abuse of smart glasses to film people without their consent, decided to create an app to detect nearby smart glasses. Smart glasses are wearable devices built into ordinary-looking eyewear that add functions like audio, cameras, sensors, and...
CVE-2025-61144
A denial of service flaw has been found in libtiff. This stack-based buffer overflow occurs in tiffcrop part of libtiff within the function readSeparateStripsIntoBuffer. When processing a malformed TIFF directory e.g., improper tags/order, missing StripByteCounts, the function overflows a...
Agents of Chaos
We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment with persistent memory, email accounts, Discord access, file systems, and shell execution. Over a two-week period, twenty AI researchers interacted with the agents unde...
What can’t you say on TikTok?
This week on the Lock and Code podcast … A funny thing happened on TikTok last month, and it has brought allegations of censorship, manipulation, and control. It was the week of January 22, and after a long legal battle, TikTok had finally—for the first time in its company history—moved its...