Dell zero-day flaw unpatched for nearly two years

Kiswahili

A security vulnerability in Dell software has reportedly remained unpatched for almost two years, allowing Chinese hackers to exploit it. The flaw involves hardcoded login credentials in a tool, raising concerns about data security.

Reports indicate that a zero-day flaw in Dell's software has gone unpatched for nearly two years, creating a significant security risk. According to TechRadar, this vulnerability stems from login credentials being hardcoded in a tool, which has reportedly been exploited by Chinese hackers.

The issue highlights ongoing challenges in software patching, particularly for enterprise tools where such oversights can lead to unauthorized access. No specific details on the affected products or the extent of exploitation were provided in the initial reports, but the duration of the unpatched status—nearly two years—underscores the urgency for remediation.

Dell has not yet issued a public response in the available information, leaving users potentially exposed. Cybersecurity experts emphasize the importance of timely updates to mitigate such risks, especially when state-sponsored actors are involved.

This incident adds to a series of supply chain vulnerabilities in major tech firms, reminding organizations to audit third-party tools rigorously.

Makala yanayohusiana

Russian hackers exploit Microsoft Office vulnerability days after patch

Russian state-sponsored hackers quickly weaponized a newly patched Microsoft Office flaw to target organizations in nine countries. The group, known as APT28, used spear-phishing emails to install stealthy backdoors in diplomatic, defense, and transport entities. Security researchers at Trellix attributed the attacks with high confidence to this notorious cyber espionage unit.

Alleged Chinese data breach exposes 8.7 billion records

Imeripotiwa na AI

A massive data breach in China has reportedly spilled 8.7 billion records after a gigantic database was left unlocked on the internet. The incident, detailed in recent reports, highlights vulnerabilities in data security practices. Authorities are yet to confirm the full extent of the exposure.

Teknolojia

Microsoft patches critical ASP.NET Core vulnerability on macOS and Linux

Teknolojia

Zyxel warns of critical RCE flaw in over a dozen routers

Teknolojia

Researchers uncover leaked API keys on nearly 10,000 websites

More than 40,000 WordPress sites affected by malware flaw

A vulnerability in a popular WordPress quiz plugin has impacted over 40,000 sites, allowing potential SQL injection attacks. Security researchers have identified the flaw, urging site owners to check for exposure. The issue was reported on February 4, 2026.

WordPress plugin Ally carries SQL injection flaw risking 250,000 sites

Imeripotiwa na AI

A security vulnerability in the WordPress plugin Ally has been identified as an SQL injection flaw. This issue could potentially affect up to 250,000 websites using the plugin. The flaw was reported in a TechRadar article published on March 12, 2026.

Jumatano, 15. Mwezi wa nne 2026, 01:04:32

Inditex reports unauthorized access to internal databases

Ijumaa, 3. Mwezi wa nne 2026, 10:14:58

OpenClaw patches severe vulnerability granting admin access

Jumamosi, 28. Mwezi wa tatu 2026, 10:39:36

Hong Kong prison department's IT system hacked, 6,800 employees' data compromised

Ijumaa, 13. Mwezi wa tatu 2026, 18:03:59

Veeam patches three critical security flaws in backup servers

Jumatano, 11. Mwezi wa tatu 2026, 14:00:34

Google report warns of shifting cloud threat landscape

Jumanne, 17. Mwezi wa pili 2026, 02:30:36

Research uncovers flaws in password managers' zero-knowledge claims

Jumanne, 10. Mwezi wa pili 2026, 10:59:26

BeyondTrust RCE flaw enables code execution without login

Jumatatu, 9. Mwezi wa pili 2026, 21:38:38

Photo ID apps leak user data affecting over 150,000

Alhamisi, 5. Mwezi wa pili 2026, 15:05:32

Critical flaws discovered in n8n workflow tool

Jumatatu, 2. Mwezi wa pili 2026, 10:02:41

Canada Computers reveals customer data breach

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa