Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

August 26, 2024 at 07:30AM Cybersecurity researchers have identified over 20 vulnerabilities in the machine learning (ML) software supply chain, posing severe risks like arbitrary code execution and malicious dataset loading. These affect MLOps platforms and ML libraries, like MLFlow and Seldon Core, enabling attackers to execute code and move laterally. The disclosure emphasizes the need for … Read more

Adobe Calls Attention to Massive Batch of Code Execution Flaws

August 13, 2024 at 01:45PM Adobe released 72 security vulnerability fixes for various products, warning Windows and macOS users of code execution and denial-of-service risks. Critical flaws were addressed in Adobe Acrobat, Reader, Illustrator, Photoshop, InDesign, Commerce, Bridge, Substance 3D Stager, Substance 3D Sampler, Substance 3D Designer, and InCopy, urging users to update to the … Read more

Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

August 6, 2024 at 01:16PM Samsung has introduced the new ‘Important Scenario Vulnerability Program’ for its mobile devices, offering bug bounty rewards of up to $1,000,000 for critical attack demonstrations. Highlighted payouts include rewards for arbitrary code execution and unlocks with data extraction. In 2023, Samsung paid security researchers $827,925 and aims to break records … Read more

Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks

July 9, 2024 at 01:04PM Adobe has released critical patches for code execution bugs in Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge on Windows and macOS. The vulnerabilities pose significant security risks. This information was reported by SecurityWeek. Based on the meeting notes, it seems that Adobe has identified at least seven code execution … Read more

Fortinet Patches Code Execution Vulnerability in FortiOS

June 12, 2024 at 12:45PM Fortinet has released patches for multiple vulnerabilities in FortiOS, including stack-based buffer overflow flaws leading to unauthorized code execution. The most severe issue, CVE-2024-23110, impacts FortiOS 6.x and 7.x. Other vulnerabilities include CVE-2024-26010, CVE-2023-46720, and CVE-2024-3661. Customers are advised to upgrade to fixed releases to mitigate potential exploitation. Based on … Read more

Adobe Plugs Code Execution Holes in After Effects, Illustrator

June 11, 2024 at 02:36PM Adobe has released fixes for critical vulnerabilities, addressing the risk of code execution attacks on Windows and macOS platforms. The vulnerabilities were identified in After Effects and Illustrator. This highlights the importance of applying patches promptly to mitigate potential security threats. Upon review of the meeting notes, it appears that … Read more

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

May 21, 2024 at 07:09AM A critical security flaw in the llama_cpp_python Python package (CVE-2024-34359, codenamed Llama Drama) allows threat actors to execute arbitrary code, posing a risk to data and operations. Another high-severity flaw in Mozilla’s PDF.js library permits JavaScript execution in the PDF.js context. Both issues have been addressed in recent software updates. … Read more

Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

May 1, 2024 at 11:21AM Google has raised the bug bounty rewards for its Mobile VRP, offering up to $450,000 for a single vulnerability report meeting certain criteria. Researchers can earn up to $150,000 for code execution flaws in Tier 2 apps and $45,000 for issues in Tier 3 apps. Reports without proposed patches may … Read more

Open source programming language R patches critical arbitrary code exec flaw

April 30, 2024 at 09:07PM The open source R programming language has fixed a critical vulnerability, CVE-2024-27322, that could allow arbitrary code execution. The flaw was closed in version 4.4.0 of R Core, and it’s recommended to upgrade. The exploit could compromise the software supply chain and trigger a hidden payload simply by opening the … Read more

R language flaw allows code execution via RDS/RDX files

April 30, 2024 at 02:53PM A new vulnerability discovered in the R programming language (CVE-2024-27322) allows arbitrary code execution through specially crafted RDS and RDX files. This poses a significant threat due to R’s extensive usage in critical sectors. It’s recommended to update to R Core v4.4.0 for mitigation, which restricts promise usage in serialization to prevent … Read more