Skip to main content
  1. Home
  2. Computing
  3. News

Venom’s bite could be worse than Heartbleed’s bark

Add as a preferred source on Google

According to a report released by the security firm CrowdStrike, millions of datacenters around the world could be victims of a new vulnerability that affects the software which manages floppy disk controllers on virtual machines.

Most datacenters today work by installing virtualized environments on their servers, a standard practice which allows them to save space and better optimize the way that larger and smaller companies share bandwidth between them.

Recommended Videos

The codeword for the bug, called ‘Venom’, is actually an abbreviation of the full title of the vulnerability —  the “Virtualized Environment Neglected Operations Manipulation”– which is based off which parts of the system it attacks.

A collection of virtualized machines running off one machine is what’s known as a “hypervisor”, and what makes Venom significant is its ability to use the open-source computer emulator QEMU to hijack the floppy disk controller and affect all the sandboxes under the same hypervisor umbrella.

“Millions of virtual machines are using one of these vulnerable platforms,” said CrowdStrike’s Jason Geffner, the researcher who found the bug.

Thankfully, CrowdStrike has been working closely with major datacenter providers over the past few months to get the hole patched before publicly disclosing its existence today. This approach is in stark contrast to what we saw with Heartbleed, wherein the free-for-all of patching vulnerabilities was left to whoever could jump on the pile first after the news initially broke.

So far no exploits have been detected in the wild, despite the fact that the bug has been installed in the affected systems since as early as 2004. For now, the main virtualization platforms under fire include KVM, VirtualBox, and Xen, while VMWare, Hyper-V, and Bochs hypervisors are in the clear.

With the majority of providers utilizing systems based off the latter half of this list, hopefully the threat will be reigned in before things spiral too far out of control.

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
This new Mac malware won’t let you use your computer until you surrender your password
This Mac malware turns your own computer against you
AI Generated Image

A newly discovered strain of macOS malware is taking social engineering to an unsettling new level. Instead of exploiting a software vulnerability or silently stealing information in the background, it simply refuses to let you use your Mac until you type in your login password.

Dubbed ClickLock, the malware repeatedly shuts down key macOS processes, disables notifications, displays convincing Apple password prompts, and effectively traps users in a loop that only ends when the correct password is entered. Once that happens, it doesn't just steal the password. It goes after browser data, cryptocurrency wallets, saved credentials, password managers, and much more.

Read more
1Password lets Claude inside your accounts without handing over the keys
Claude can now sign in on your behalf while your password stays hidden, though trusting it after login is a separate decision
1Password official

1Password is giving Claude a way into your online accounts without making your passwords part of the bargain. The new 1Password for Claude integration can fill login details while keeping the credentials hidden from Anthropic’s AI agent.

Available now on Mac, the feature kicks in when Claude reaches a sign-in page during a task. Claude requests a saved login, then you approve or deny it. If approved, 1Password submits the credentials through a separate encrypted channel. Passwords and one-time codes never enter Claude’s context or Anthropic’s systems.

Read more
New open-weight AI from China is toppling the best of OpenAI and Claude Fable
Moonshot’s 2.8-trillion-parameter Kimi K3 beats Fable 5 and GPT 5.6 Sol in select benchmarks
Art, Drawing, Plant

China's Moonshot AI has launched Kimi K3, a massive 2.8-trillion-parameter model built for coding, research, reasoning, and visual tasks. Moonshot admits K3 still trails Claude Fable 5 and GPT 5.6 Sol overall. Even so, its benchmark results put it surprisingly close to both, and it finishes ahead in several tests.

How close is Kimi K3 to the best closed models?

Read more