Google now pays up to $450,000 for RCE bugs in some Android apps

April 30, 2024 at 02:35PM Google has increased rewards for reporting remote code execution vulnerabilities in select Android apps, now offering up to $450,000. The company aims to focus on flaws leading to data theft, paying $75,000 for such exploits. The changes to the Mobile Vulnerability Rewards Program also include bonuses for exceptional quality reports …

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

April 29, 2024 at 10:00AM A security vulnerability, CVE-2024-27322, has been discovered in the R programming language, enabling threat actors to execute malicious code via RDS files. This flaw, fixed in version 4.4.0, could lead to supply chain attacks through compromised R packages. AI security firm HiddenLayer reported the issue, emphasizing the importance of updating …

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

April 11, 2024 at 02:09AM Fortinet has released patches for the critical security flaw in FortiClientLinux (CVE-2023-45590) with a CVSS score of 9.4. The vulnerability allows arbitrary code execution through a malicious website. Versions 7.0.3 through 7.0.10 are affected, requiring an upgrade to 7.0.11 or higher. Other security issues were also addressed, urging users to …

Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products

April 9, 2024 at 01:42PM Adobe issued urgent security updates for its enterprise products, including Adobe Commerce and Magento Open Source, to address code execution vulnerabilities that hackers could exploit. The company also fixed security flaws in Adobe Experience Manager, Adobe Media Encoder, Adobe After Effects, Adobe Photoshop, Adobe InDesign, and Adobe Animate through Patch …

Code Execution Flaws Haunt NVIDIA ChatRTX for Windows

March 27, 2024 at 03:00PM NVIDIA issued urgent patches for two high-risk vulnerabilities in its ChatRTX for Windows app, which could lead to code execution and data tampering attacks. The flaws, with severity scores of 8.2/10 and 6.5/10, impact versions 0.2 and earlier. The app is used for connecting PC LLMs to data using retrieval-augmented …

Fortinet Patches Critical Vulnerabilities Leading to Code Execution

March 13, 2024 at 06:33AM Fortinet announced patches for critical vulnerabilities in its network security and management products. The flaws, including CVE-2023-42789 and CVE-2023-48788, could lead to code execution and were resolved in various product versions. Additionally, high-severity and medium-severity bugs were also patched. Users are urged to apply the patches promptly to avoid potential …

Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities

February 14, 2024 at 09:03AM AMD and Intel released patches for over 100 vulnerabilities, including 21 high-severity vulnerabilities, in their processors and software products. AMD addressed flaws in embedded processors, SEV firmware, and UltraScale and UltraScale+ FPGA series devices. Intel issued patches for various drivers, device firmware, Ethernet tools, and software products, resolving a total …

Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software

February 13, 2024 at 01:03PM Adobe released patches for 30 security vulnerabilities in various products, including Adobe Acrobat, Reader, and Magento Open Source, among others. Users are at risk of code execution, security feature bypass, and denial-of-service attacks. The urgent patches address critical flaws and code execution bugs, with Adobe’s assurance of no known exploits …

Google Warns of Chrome Browser Zero-Day Being Exploited

January 16, 2024 at 04:24PM Google has released an urgent Chrome browser update to address three high-severity security flaws, warning that one is currently being exploited in the wild. The exploited zero-day, CVE-2024-0519, is an out-of-bounds memory access issue in the V8 JavaScript engine. The update also covers two additional high-risk memory safety issues. This …

Google fixes first actively exploited Chrome zero-day of 2024

January 16, 2024 at 02:14PM Google has released security updates to address the first Chrome zero-day vulnerability (CVE-2024-0519) exploited since the beginning of the year. This high-severity flaw in the Chrome V8 JavaScript engine allows attackers to access sensitive data, trigger crashes, and potentially execute arbitrary code. Google also fixed two other vulnerabilities (CVE-2024-0517 and …