Threat Actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR devices (Digital Video Recorders). This flaw allows unauthenticated remote code execution (RCE) via crafted HTTP requests to the endpoint. The compromised devices are conscripted into a botnet capable of conducting DDoS attacks. – Read more
Latest article
Critical bug in popular vm2 Node.js sandboxing library puts projects at risk
A critical vulnerability has been patched in vm2, a widely used library for the Node.js JavaScript runtime that allows untrusted...
$95M Payout: Apple Begins Compensating Users in Siri Eavesdropping Case
Apple has started issuing Siri privacy settlement payouts, with claimants seeing deposits as low as $8 per device from a $95 million fund.
The post...
Burner phones and lead-lined bags: a history of UK security tactics in China
Starmer’s team is wary of spies but such fears are not new – with Theresa May once warned to get dressed under a duvetWhen...
Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility
IntroductionIf you received an email with the subject “I LOVE YOU” and an attachment called “LOVE-LETTER-FOR-YOU.TXT”, would you open it? Probably not, but back...
