ExtremeTech

Google finds critical vulnerability in SSL 3.0 called POODLE

Google has released the details on a new SSL 3.0 bug, codenamed Poodle, that threatens all modern browsers with a man-in-the-middle attack -- and the only solution is to disable the old handshake ...
Network World

SSL hack vulnerability details to emerge

The vulnerability means that attackers can lurk in the middle of what victims think are secure SSL sessions with banks, retailers and other secure Web sites, picking off passwords and other ...
Dark Reading

New Zombie 'POODLE' Attack Bred from TLS Flaw

Turns out a major design flaw discovered and patched five years ago in the old SSL 3.0 encryption protocol, which exposed secure sessions to the so-called POODLE attack, didn't really die: A ...
Infosecurity-magazine.com

Fortinet Addresses Critical FortiGate SSL-VPN Vulnerability

Network security solution provider Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN software that could be exploited to hijack equipment. The vulnerability, identified as ...
eWeek

Signs Point to Worm Attack on SSL Vulnerability

Gov. Gavin Newsom signs SB 243, the first US law setting child-safety rules for AI chatbots, from crisis redirects to transparency requirements. Hollywood pushes back against OpenAI’s Sora 2 as ...
Ars Technica

OpenSSL 3 patch, once Heartbleed-level “critical,” arrives as a lesser “high”

An OpenSSL vulnerability once signaled as the first critical-level patch since the Internet-reshaping Heartbleed bug has just been patched. It ultimately arrived as a “high” security fix for a buffer ...
Dark Reading

Misconfigurations, Vulnerabilities Found in 95% of Applications

Nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability, a new study ...