Hacker News with Generative AI: Software Vulnerabilities

Jury orders NSO to pay $167M for hacking WhatsApp users (arstechnica.com)
A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users.
OpenOffice still being recommended despite year-old unfixed security issues (fosstodon.org)
Backdoor found in popular ecommerce components (sansec.io)
Hundreds of stores, including a $40 billion multinational, are running backdoored versions of popular ecommerce software. We found that the backdoor has been actively used since at least April 20th. Sansec identified these backdoors in the following packages, which were published between 2019 and 2022.
Mitre warns CVE program at risk of closing in 2 days (cyberplace.social)
Falsehoods People Believe about CVE's (medium.com)
Despite its ubiquity, there is widespread confusion about what a CVE actually is. Many people — some of them in charge of large enterprises — believe a CVE is the same thing as a software vulnerability. Or that every software vulnerability has a CVE. Or that a CVE always includes technical details, a fix, a CVSS score, and a confession from the developer who introduced the bug.
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying (theregister.com)
An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.
Hugging Face datasets and models for cybersecurity/software vulnerabilities (huggingface.co)
CIRCL is the CERT (Computer Emergency Response Team/Computer Security Incident Response Team) for the private sector, communes and non-governmental entities in Luxembourg.
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, First-Ever Report (zetter-zeroday.com)
In a first-of-its-kind report, the US government has revealed that it disclosed 39 zero-day software vulnerabilities to vendors or the public in 2023 for the purpose of getting the vulnerabilities patched or mitigated, as opposed to retaining them to use in hacking operations.
Zizmor would have caught the Ultralytics workflow vulnerability (yossarian.net)
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
CVE-2024-29510 – Exploiting Ghostscript using format strings (codeanlabs.com)
"90% of Java services have critical or security vulnerabilities" (vived.substack.com)