A hacker injected malicious wiping commands into version 1.84.0 of the Amazon Q extension for Visual Studio Code. Amazon removed the vulnerable version and released an update, stating that no customer resources were impacted.
A new vulnerability in Kigen eUICC cards exposes billions of IoT devices to attacks through flaws in eSIM profile management. The vulnerability allows the installation of malicious JavaCard applets, jeopardizing the confidentiality of mobile network operator data and allowing interception of communications. A security patch has been released.
Two years after its initial discovery, a critical vulnerability in Microsoft's Entra ID, known as nOAuth, continues to expose thousands of SaaS applications to potential account takeovers. New research from Semperis reveals the flaw, which bypasses standard defenses, remains a severe and active threat.
