Google Adds V8 Sandbox to Chrome

April 8, 2024 at 07:36AM Google has introduced a new sandbox to combat memory safety bugs in its Chrome V8 engine. The tech giant also included it in the bug bounty program, aiming to enhance the browser’s security. This update was featured on SecurityWeek. Based on the meeting notes, it appears that Google is implementing …

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

April 4, 2024 at 11:46AM A researcher was awarded a $5,500 bug bounty for identifying a vulnerability (CVE-2024-2879) in LayerSlider, a widely used plug-in with over a million active installations. The meeting notes indicate that a researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a …

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

April 3, 2024 at 09:18AM A critical SQL injection vulnerability in the LayerSlider plugin, tracked as CVE-2024-2879 with a CVSS score of 9.8, allows unauthenticated attackers to extract sensitive information from website databases. The issue was reported through Defiant’s bug bounty program, and a $5,500 reward was given to the reporting researcher. Users are advised …

Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

April 3, 2024 at 07:12AM Google announced a new Chrome update addressing a high-severity CVE-2024-3159 bug, exploited at Pwn2Own 2024. The update also resolves two other vulnerabilities and follows last week’s update fixing CVE-2024-2886 and CVE-2024-2887 flaws. This latest iteration is now rolling out for Windows, macOS, and Linux, and users are advised to update …

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own

March 27, 2024 at 10:54AM Google released a Chrome browser security update addressing seven vulnerabilities, with four reported by external researchers. The most severe is a use-after-free bug in ANGLE, resulting in a $10,000 bug bounty. Three other high-severity issues were noted, including two zero-day vulnerabilities exploited at the Pwn2Own Vancouver 2024 hacking contest. The …

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

March 25, 2024 at 06:18AM Mozilla has released updates for the Firefox browser to fix two zero-day vulnerabilities that were exploited at the Pwn2Own Vancouver 2024 hacking contest. The first vulnerability allows for bypass of range analysis, while the second issue leads to a sandbox escape. Both vulnerabilities are considered critical and were patched in …

Microsoft Patches Xbox Vulnerability Following Public Disclosure

March 21, 2024 at 09:45AM Microsoft has released a patch for an Xbox vulnerability (CVE-2024-2891) categorized as ‘important’ severity, allowing local attackers with low privileges to escalate to System. The fix is automatically delivered to users with automatic updates enabled. This follows initial reluctance by Microsoft to acknowledge the issue, which was later publicly disclosed …

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

March 20, 2024 at 08:57AM Google and Mozilla released web browser security updates addressing dozens of vulnerabilities, including critical and high-severity flaws. Chrome 123 fixes 12 bugs, one high-severity. The update also resolves medium and low-severity vulnerabilities. Google paid $22,000 in bug bounty rewards and released Chrome version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for …

Misconfigured Firebase instances leaked 19 million plaintext passwords

March 19, 2024 at 07:30PM Security researchers discovered nearly 19 million plaintext passwords exposed due to misconfigured Firebase instances, with millions of sensitive user records including emails, names, phone numbers, and billing information. The trio of researchers scanned over five million domains and found 916 websites with inadequate security rules. They alerted impacted companies and …

US Defense Dept received 50,000 vulnerability reports since 2016

March 19, 2024 at 05:15PM The U.S. Department of Defense Cyber Crime Center has processed its 50,000th vulnerability report from 5,635 researchers since 2016. DC3 launched its Vulnerability Disclosure Program following ‘Hack-the-Pentagon’ to engage ethical hackers continuously. VDP’s success includes discovering and mitigating 400 significant security flaws in a special 12-month program with Defense Counterintelligence …