Millions of websites threatened by highly critical code-execution bug in Drupal

Enlarge (credit: Victorgrigas) Millions of sites that run the Drupal content management system run the risk of being hijacked until they’re patched against a vulnerability that allows hackers to remotely execute malicious code, managers of the open source project warned Wednesday. CVE-2019-6340, as the flaw is tracked, stems from a failure to sufficiently validate user […]

400k servers may be at risk of serious code-execution attacks. Patch now

Hacker stock photos FTW. (credit: Thinkstock Photos) A bug in an obscure but widely used email program may be putting as many as 400,000 servers around the world at risk of serious attack until they install an update. The flaw—which is in all releases of the Exim message transfer agent except for version 4.90.1—opens servers […]

A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

Enlarge (credit: Guido Sorarù) Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few […]

Intel patches remote code-execution bug that lurked in chips for 10 years

Enlarge (credit: Intel) Remote management features that have shipped with Intel processors for almost a decade contain a critical flaw that gives attackers full control over the computers that run on vulnerable networks. That’s according to an an advisory published Monday afternoon by Intel. Intel has released a patch for the vulnerability, which resides in […]