SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was…

Generally considered secure, VS Code extensions could expose millions of developers to malicious attacks, potentially leading to the compromise of information stored on developer machines, such as credentials, or even opening the route to further attacks. Snyk’s security researchers analyzed popular VS Code extensions that start web servers, which are typically accessible locally via a…

he vulnerabilities, dubbed FragAttacks (fragmentation and aggregation attacks), were discovered by researcher Mathy Vanhoef, who was also involved in the discovery of the Key Reinstallation Attack (KRACK) vulnerabilities back in 2017. FragAttacks can be leveraged by an attacker who is within range of the targeted Wi-Fi connection to hack devices and steal sensitive user information….

Two critical vulnerabilities were patched in the SD-WAN vManage software, alongside three high-severity issues. The bugs are not dependent on one another and their exploitation doesn’t require exploitation of the others. One of the critical flaws (CVE-2021-1468, CVSS score 9.8) could allow unauthenticated, remote attackers to call privileged actions and even create new administrative accounts,…