Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

The growth of commercial spyware based intelligence providers without legal or ethical supervision

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware.

TALOS
Open in Source
#vulnerability#android#apple#google#cisco#git#intel#asus#auth#zero_day#sap
Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

By Deeba Ahmed The vulnerability has a CVSS score of 9.8 out of 10, is a critical security bug that affects Fortinet appliances and has been actively exploited in the wild. This is a post from HackRead.com Read the original post: Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

Update Android now! Google patches three actively exploited zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: 2023-07-05 Tags: CVE2021-29256 Tags: CVE-2023-26083 Tags: CVE-2023-2136 Tags: CVE-2023-21250 Tags: ARM Tags: Skia Google has patched 43 vulnerabilities in Android, three of which are actively exploited zero-day vulnerabilities. (Read more...) The post Update Android now! Google patches three actively exploited zero-days appeared first on Malwarebytes Labs.

Cl0p's MOVEit Campaign Represents a New Era in Cyberattacks

The ransomware group shows an evolution of its tactics with MOVEit zero-day — potentially ushering in a new normal when it comes to extortion supply chain cyberattacks, experts say.

Zero-Day Exploit Threatens 200,000 WordPress Websites

By Habiba Rashid Tracked as CVE-2023-3460, the zero-day vulnerability possesses a CVSS score of 9.8, indicating its severity. This is a post from HackRead.com Read the original post: Zero-Day Exploit Threatens 200,000 WordPress Websites

GHSA-462x-c3jw-7vr6: Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

### Impact An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. ### Patches Prevent prototype pollution in MongoDB database adapter. ### Workarounds Disable remote code execution through the MongoDB BSON parser. ### Credits - Discovered by hir0ot working with Trend Micro Zero Day Initiative - Fixed by dbythy - Reviewed by mtrezza ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6 - https://github.com/advisories/GHSA-prm5-8g2m-24gg

Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools

The APT35 group (aka Charming Kitten) has added backdoor capabilities to their spear-phishing payloads — and targeted an Israeli reporter with it.

Perception Point Unveils AI Model to Thwart Generative AI-Based BEC Attacks

The detection model identifies LLM patterns to counter the rising abuse of generative AI in social engineering attacks.

WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends

Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.