ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE⁠-⁠2024⁠-⁠7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.

Vulnerabilities in EnOcean’s SmartServer IoT platform can be exploited to remotely hack building management systems.

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...

The vulnerability represents a bypass of fixes put in place this year for three critical RCE flaws that had the same root cause and have since been used in attacks. Developers of Apache OFBiz, an open ...

The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. The hardware maker says that ...