Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to

The Hacker News
Open in Source
#vulnerability#web#android#windows#google#microsoft#linux#js#git#java#rce#pdf#zero_day#chrome#firefox#The Hacker News
Google Moves to Block Invasive Spanish Spyware Framework

The Heliconia hacking tool exploited vulnerabilities in Chrome, Windows Defender, and Firefox, according to company security researchers.

Google TAG Warns on Emerging Heliconia Exploit Framework for RCE

The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.

CVE-2022-44151: bug_report/SQLi-1.md at main · li-baige/bug_report

Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.

Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE

Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.

CVE-2022-4231: bug-report/vendors/tribalsystems/zenario/session-fixation at main · lithonn/bug-report

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.

CVE-2022-4229: bug-report/vendors/oretnom23/bsms_ci/broken-access-control at main · lithonn/bug-report

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September