Exploited Chrome Zero-Day Patched by Google

May 10, 2024 at 08:45AM Google released Chrome 124 update, addressing a zero-day vulnerability, tracking as CVE-2024-4671, a high-severity use-after-free bug in the Visuals component. The patch came just two days after the bug was reported by an anonymous researcher. No bug bounty information was provided. This is the second Chrome vulnerability of 2024 being … Read more

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

March 25, 2024 at 11:04AM Mozilla quickly patched two critical Firefox zero-day vulnerabilities after they were demonstrated by researcher Manfred Paul at the Pwn2Own event in Vancouver. The bugs, rated “critical,” allowed for out-of-bounds read/write and privileged code execution. Mozilla released Firefox 124.0.1 to address the vulnerabilities, with some users encountering upgrade issues. Paul earned … Read more

US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability

October 17, 2023 at 07:12AM The US cybersecurity agency CISA, together with the FBI and MS-ISAC, has issued a warning about a zero-day vulnerability in Atlassian Confluence Data Center and Server. Tracked as CVE-2023-22515, the flaw has been exploited by a nation-state threat actor since September 14. It allows unauthorized access, creation of administrative accounts, … Read more