Discord is “experimenting” with an age authentication vendor whose major investors include Thiel’s Founders Fund.
Category: security – Page 2
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.
Microsoft Configuration Manager (also known as ConfigMgr and formerly System Center Configuration Manager, or SCCM) is an IT administration tool for managing large groups of Windows servers and workstations.
Tracked as CVE-2024–43468 and reported by offensive security company Synacktiv, this SQL injection vulnerability allows remote attackers with no privileges to gain code execution and run arbitrary commands with the highest level of privileges on the server and/or the underlying Microsoft Configuration Manager site database.
12 Emerging Innovative Technology Areas for Government Prioritization
By Chuck Brooks
#technology #government #security
By Chuck Brooks, president of Brooks Consulting International
The future of innovation in both government and industry will not be distinguished by singular breakthroughs, but rather by the convergence and meshing of a number of different new technologies. Going forward, industries, national security, economic competitiveness, privacy and almost every aspect of everyday life will all be reshaped as a result of this integrated ecosystem, which encompasses artificial intelligence, quantum computing, improved connectivity, space systems and other areas.
Twelve crucial technical domains will help propel the federal government toward this convergent transformation.
Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads.
Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties.
LNK shortcuts were introduced with Windows 95 and use a complex binary format that allows attackers to create deceptive files that appear legitimate in Windows Explorer’s properties dialog but execute entirely different programs when opened.
Fake AI Chrome extensions with 300K users steal credentials, emails
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.
Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a small install count.
Researchers at browser security platform LayerX discovered the malicious extension campaign and named it AiFrame. They found that all analyzed extensions are part of the same malicious effort as they communicate with infrastructure under a single domain, tapnetic[.]pro.
Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals.
Tracked as CVE-2026–20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.
Apple’s security bulletin warns that an attacker with memory write capability may be able to execute arbitrary code on affected devices.
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.
The security issue is tracked as CVE-2026–1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead to a complete website takeover.
Despite the severity of the issue, researchers at WordPress security company Defiant say that only sites with the non-default “receive backup from another site” option enabled are critically impacted.
