Tag Archives: flaw

A vulnerability in multiple versions of OxygenOS, the Android-based operating system from OnePlus, allows any installed app to access SMS data and metadata without requiring permission or user interaction. OnePlus, a subsidiary of Oppo, is a Shenzhen-based consumer electronics maker known for developing high-end smartphones at competitive pricing. While other major Chinese brands like Huawei and Xiaomi aren’t available in …

One of the biggest talking points surrounding the new iPhone line up is the design. From the ultra thin iPhone Air to the, er, interesting iPhone 17 Pro unibody design, this is the most radically different looking bunch of phones Apple has dropped for some time. But if a growing chorus of grumblings is anything to go by, there’s a …

A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no indication that …

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor tokens” and a vulnerability in the Azure AD Graph API (CVE-2025-55241) that allowed the tokens to work with any organization’s Entra ID environment. A threat actor exploiting the issue …

Samsung says it has fixed a zero-day security vulnerability that is being used to hack into its customers’ phones.  The phone maker said the security flaw, discovered in a software library for displaying images on Samsung devices, allows hackers to remotely plant malicious code on Samsung devices running Android 13 through the most recent version, Android 16.  Samsung’s advisory said …

Back in July, I gobbled Donkey Kong Bananza up like an ape in a banana store. I couldn’t help myself; the punch-based puzzling was delicious. But by the end of my 40-hour binge, I ended up with a bit of a tummy ache. The destruction standbox grew stale the deeper I dug into its overabundance of layers. I left my …

Forty names, games, teams and minutiae making news in college football, where early season firings are back in vogue at UCLA and Virginia Tech. Most teams are 25% of the way into the regular season. It’s still early in the College Football Playoff race, but a not-insignificant amount of results have been acquired. Have you seen the analytics ratings? Oh …

It’s difficult to understate the amount of hype Bears fans had entering their Week 1 matchup with the Vikings on Monday Night Football. For months they’ve been pitched the ultimate sales package, one that banked on Ben Johnson’s offensive brilliance, and came couched with the belief that he could do for Caleb Williams what he did with Jared Goff in …

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides. Some customers reused this key in production, allowing attackers with knowledge of the key to craft valid, but malicious …

Solar eclipse maps show crisp lines for the path of totality, the narrow strip where a total solar eclipse will be visible. But in reality, the edges of the path are fuzzy, jagged and sometimes wrong by hundreds of meters or more. That might not matter if you’re standing on the path’s centerline, where many eclipse chasers head to experience …