Tag

Security

All articles tagged with #security

Most Free Android VPN Apps Fail Basic Privacy Tests, Study Finds
technology9 hours ago

Most Free Android VPN Apps Fail Basic Privacy Tests, Study Finds

A large study of 281 popular free Android VPN apps found widespread privacy flaws: 29 apps leaked DNS traffic, 61 sent data in plaintext, five downloaded unencrypted configuration files that could be hijacked, and 169 hid VPN activity to be easily blocked. Most apps also collected device data and tracking identifiers, undermining privacy while offering little real security, with only one of 108 OpenVPN configurations meeting all security best practices. The researchers urge independent audits and caution users to scrutinize marketing claims beyond “verified” labels.

Trump’s Qatar-Gifted Air Force One Faces Security Scrutiny from Former Secretary
politics11 hours ago

Trump’s Qatar-Gifted Air Force One Faces Security Scrutiny from Former Secretary

A former Air Force secretary questions the security readiness of Trump’s Qatar-donated Air Force One after he used it to attend a NATO summit, noting missing standard protections and secure communications. Insiders have warned the jet lacks key mission features (such as secure comms and defenses), prompting reports that Trump swapped back to the old VC-25A on the return flight. The White House insists the new aircraft is secure, but the situation has sparked safety concerns amid Iran tensions and ongoing jet delays.

Trump Pushes for Permanent White House Fence as Security Overhaul
politics18 hours ago

Trump Pushes for Permanent White House Fence as Security Overhaul

President Donald Trump is pursuing a plan to install permanent fences around the White House, with barriers at key Pennsylvania Avenue intersections to allow officials to close pedestrian access when security risks arise; the proposal would extend beyond current temporary barriers and comes as part of Trump’s broader White House makeover, despite concerns from some officials about public access.

Defender Patch Sparks Disk-Destroying Attack Scenario
security1 day ago

Defender Patch Sparks Disk-Destroying Attack Scenario

Microsoft patched a Windows Defender zero-day (CVE-2026-50656), but researchers warn that new defense-in-depth changes connected to the Microsoft Malware Protection Engine and SpyNet could let an attacker exhaust disk space by writing massive data via a crafted SMB interaction. Exploitation would require a specialized SMB setup and a malicious file sequence; the fix is auto-installed, and the risk is currently described as a theoretical scenario amid tension between the researcher and Microsoft.

RoguePlanet Privilege Escalation in Defender Finally Patched, No Action Needed
security1 day ago

RoguePlanet Privilege Escalation in Defender Finally Patched, No Action Needed

Microsoft issued security updates addressing RoguePlanet, a privilege-escalation flaw in the Microsoft Malware Protection Engine (mpengine.dll) that could spawn a SYSTEM shell. The fix arrives in Defender engine version 1.1.26060.3008 with defense-in-depth hardening. Disclosed by Chaotic Eclipse, RoguePlanet can be exploited on Windows systems with the June 2026 Patch Tuesday and works regardless of real-time protection. Microsoft says no customer action is required beyond automatic updates.

Microsoft to boost Windows security updates with AI
tech1 day ago

Microsoft to boost Windows security updates with AI

Microsoft says it will use AI to identify potential security issues earlier, leading to a higher volume of security updates in each Windows release. While AI helps speed fixes, the company emphasizes that humans will still review and approve updates as it expands AI usage across its Secure Development Lifecycle, amid growing AI-enabled cyber threats and research into vulnerabilities.

Royal Rift Deepens as Harry’s Security Battle Complicates UK Visit
world2 days ago

Royal Rift Deepens as Harry’s Security Battle Complicates UK Visit

Prince Harry’s UK security dispute intensified after the government refused to extend police protection beyond royal properties and he returned to Britain alone. The same trip saw him lose a long-running privacy case against Associated Newspapers Limited, which his supporters call a victory; experts say the royal family remains frustrated and cautious about maintaining the monarchy’s integrity. King Charles is portrayed as aiming to protect the institution, while Prince William focuses on family peace and distancing himself from Sussex drama. Buckingham Palace has said it won’t intervene in security decisions, leaving protection issues to government authorities (RAVEC), and the episode has deepened a rift as reconciliation remains uncertain.

Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk
security2 days ago

Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk

Ubiquiti released security updates to fix seven critical UniFi OS vulnerabilities, including CVE-2026-50746 in the UniFi Connect App that could allow command injection; users should upgrade the UniFi Connect app to version 3.4.20+ and apply patches across UniFi Talk, UniFi Access, UniFi Protect, and the UniFi OS Server. The company notes several flaws can be exploited in low-complexity attacks with no user interaction. Threats note that more than 100,000 UniFi OS instances are exposed online (per Censys), though it isn’t clear how many are patched, honeypots, or otherwise secured. The report also references past CISA/FBI warnings and demonstrations of exploitation techniques in related Ubiquiti products.

Six-figure bounty awarded for Linux KVM guest-to-host escape flaws
security2 days ago

Six-figure bounty awarded for Linux KVM guest-to-host escape flaws

Google paid $250,000 for Januscape (CVE-2026-53359), a use-after-free flaw in Linux KVM's shadow MMU that can let a malicious guest VM break out and gain root on the host; a separate flaw, GhostLock (CVE-2026-43499), lets limited users escalate to root via futex priority-inheritance. Patches are in the Linux kernel, and users should update to mitigate the risk.

Early Probes Emerge Against Patched Gitea Docker Flaw CVE-2026-20896
security3 days ago

Early Probes Emerge Against Patched Gitea Docker Flaw CVE-2026-20896

Threat actors are probing a critical Gitea Docker vulnerability (CVE-2026-20896) that allowed unauthenticated users to impersonate others via the X-WEBAUTH-USER header when reverse-proxy trust was misconfigured; the weakness affected Gitea 1.26.2 and was fixed in 1.26.3 by removing the wildcard and requiring opt-in reverse-proxy authentication. Sysdig detected the first in-the-wild activity 13 days after disclosure across roughly 6,200 internet-facing instances; admins should patch promptly and review proxy settings.

Damascus blasts cast chill over Macron's Syria visit
world3 days ago

Damascus blasts cast chill over Macron's Syria visit

Two explosions in central Damascus wounded 18 people near Macron's hotel and convoy; authorities say devices were found and detonated by security forces, and no group has claimed responsibility, though analysts say Macron was likely the target. Macron and al-Sharaa's meetings continued as France signals plans to aid Syria's reconstruction, including banking and transport, with potential CMA CGM deals as part of broader post-conflict cooperation.

Harry’s Buckingham visit derailed by palace protocol, insiders blame the courtiers
world4 days ago

Harry’s Buckingham visit derailed by palace protocol, insiders blame the courtiers

Prince Harry arrived in London expecting to stay at Buckingham Palace, but palace staff reportedly canceled the hosting after he missed a July 3 deadline to notify them. Insiders say Charles’s courtiers orchestrated the reversal, not the king himself, as Harry continues his battle for VIP security and still hopes to privately meet his father while navigating ongoing royal tensions.

Harry's London Visit Ends With Buckingham Palace Reversal
world4 days ago

Harry's London Visit Ends With Buckingham Palace Reversal

Prince Harry arrived in Britain for a weeklong visit to promote charities and the Invictus Games, but the accommodation arrangements were in flux: his team said he had accepted an invitation to stay at Buckingham Palace for one night, only for royal officials to say he was not welcome; the palace later said it had offered lodging, but he neither confirmed nor accepted, and officials said it was too late to arrange. The episode highlights ongoing tensions within the royal family since 2020, with security arrangements reportedly limited and Meghan and the children possibly joining later in Birmingham.