Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver

July 18, 2024 at 09:45AM Cybersecurity researchers have discovered an adware called HotPage, capable of running arbitrary code on Windows hosts. The malware intercepts and modifies browser traffic, displaying ads and redirecting webpages. It exfiltrates system information to a Chinese company’s server and exploits a Microsoft Windows policy loophole. HotPage’s kernel component is signed by …

Recent Zyxel NAS Vulnerability Exploited by Botnet

June 25, 2024 at 09:44AM A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows for remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update devices or consider replacing them. …

Remote Code Execution Vulnerability Found in Opera File Sharing Feature

January 16, 2024 at 09:12AM Vulnerability in Opera browser feature My Flow allowed remote code execution. Guardio Labs found old, vulnerable landing pages and created a proof-of-concept to execute malicious code. The issue was resolved in November 2023. Opera confirmed the vulnerability and deployed a fix. No evidence of in-the-wild exploitation was found. Opera is …

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack 

January 8, 2024 at 08:36AM Security researchers warn that tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, posing high-impact supply chain attack risks. These attacks can be launched using self-hosted runners, allowing malicious code execution and persistence. Exploitation of this vulnerability has led to significant …

Sophos Patches EOL Firewalls Against Exploited Vulnerability

December 13, 2023 at 05:42AM UK-based cybersecurity firm Sophos announced patches for a critical code injection vulnerability in Firewall versions 19.0 MR1 and older, giving attackers the ability to execute remote code. The company also warned of a new exploit and urged organizations to update to supported versions to mitigate the risk. Additionally, patches have …

OpenCart owner turns air blue after researcher discloses serious vuln

November 24, 2023 at 10:40AM The owner of OpenCart, an e-commerce store management system, has responded hostilely to a security researcher who disclosed a vulnerability in the product. The researcher, Mattia Brollo, tried to contact OpenCart for nearly a month through various channels before receiving dismissive and offensive responses from the owner, Daniel Kerr. OpenCart …