Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days

The Hacker News
Open in Source
#vulnerability#web#android#windows#google#microsoft#linux#js#git#java#rce#pdf#zero_day#chrome#firefox#The Hacker News
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to

CVE-2022-4221: ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here👆

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.

Microsoft Exchange ProxyNotShell Remote Code Execution

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.

Google Moves to Block Invasive Spanish Spyware Framework

The Heliconia hacking tool exploited vulnerabilities in Chrome, Windows Defender, and Firefox, according to company security researchers.

Google TAG Warns on Emerging Heliconia Exploit Framework for RCE

The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.

New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days

Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate.

CVE-2022-36962: SolarWinds Trust Center Security Advisories | CVE-2022-36962

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

A Ride on the Wild Side with Hacking Heavyweight Sick Codes

Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies (Present & Past): Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently has 2,000 tabs open “People keep 
 A Ride on the Wild Side with Hacking Heavyweight Sick Codes Read More »