#zero_day

An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.

Security professionals can now achieve real-time protection for their workloads in minutes.

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

Candiru attackers breached a news agency employee website to target journalists with DevilsTongue spyware, researchers say.

Open source security expert warns there is still a ‘long road’ ahead to prepare for the next attack wave

By Deeba Ahmed The spyware vendor Candiru used the Chrome zero-day in March 2022 to target journalists and other unsuspected victims… This is a post from HackRead.com Read the original post: Israeli Spyware Vendor Uses Chrome 0day to Target Journalists

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed

The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.

A study of the unregulated dark markets shows that the vast majority of malware, exploits, and attacker tools sell for less than $10, giving would-be criminals a fast entry point.

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is