Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition

June 19, 2024 at 07:21AM Google announced an update to Chrome 126 containing six security fixes, including four high-severity vulnerabilities reported by external researchers. The first bug, CVE-2024-6100, was reported by Seunghyun Lee at the TyphoonPWN 2024 hacking competition, earning a $20,000 bug bounty. The update also addresses other high-severity flaws and is now rolling …

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

June 12, 2024 at 06:18AM Google and Mozilla released Chrome 126 and Firefox 127, respectively, with patches for high-severity memory safety vulnerabilities. Google awarded over $160,000 in bug bounty rewards to external researchers. The highest reward of $100,115 was for CVE-2024-5839, related to a medium-severity inappropriate Memory Allocator implementation. Firefox’s update addresses 15 vulnerabilities, including …

New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes

June 11, 2024 at 03:32PM Microsoft released Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 updates as part of June 2024 Patch Tuesday, fixing 51 vulnerabilities. The latter resolves LSASS process crashes and memory leaks, with no known issues, while the former fixes additional bugs including SMB over QUIC issues and Outlook search problems, …

High-severity GitLab flaw lets attackers take over accounts

May 23, 2024 at 01:50PM GitLab addressed a high-severity XSS vulnerability allowing unauthenticated attackers to compromise user accounts. Additionally, six medium-severity flaws were fixed, including a CSRF issue and a denial-of-service bug. These vulnerabilities allowed for account takeovers and disruption of services. GitLab urged immediate software updates due to potential impacts on sensitive data and …

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

May 17, 2024 at 08:09AM Seven Windows privilege escalation vulnerabilities discovered at Pwn2Own 2024 remain unpatched by Microsoft, with only one fix issued so far. Trend Micro’s Zero Day Initiative, which oversees Pwn2Own, notes the potential threat these bugs pose. Microsoft’s lag in resolving these issues contrasts with prompt actions by other tech companies, prompting …

Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

May 14, 2024 at 01:33AM Apple and Google have jointly launched a new feature, “Detecting Unwanted Location Trackers” (DULT), to notify users if a Bluetooth tracking device is being used without their knowledge. This move addresses privacy and safety concerns, particularly due to reports of such devices being misused for nefarious purposes. Additionally, Apple has …

SolarWinds fixes critical RCE bugs in access rights audit solution

February 16, 2024 at 01:36PM SolarWinds patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities allowing unauthenticated exploitation. Four flaws were found and reported by researchers. The company also fixed three other critical RCE bugs in October. SolarWinds was charged with defrauding investors by failing …

Windows 11 KB5034123 update released with security and Wi-Fi fixes

January 9, 2024 at 01:57PM Microsoft released the Windows 11 KB5034123 update for versions 23H2 and 22H2, addressing a Wi-Fi bug and a smart card display issue. The update is mandatory and can be installed through Windows Update or directly from the Microsoft Update Catalog. It also includes build number updates for Windows versions and other improvements, …

Facebook, Instagram now mine web links you visit to fuel targeted ads

January 8, 2024 at 02:33AM Summary: Meta introduces a new feature, Link History, to gather user data for targeted advertising. Security teams are addressing critical vulnerabilities in Chrome and other software, while Twitter accounts of security firms Mandiant and CertiK are hijacked for crypto scams. Additionally, a Nigerian national is awaiting extradition to the US …

Windows 11 KB5033375 update released with upgraded Copilot AI-assistant

December 12, 2023 at 01:47PM Microsoft has released a new update for Windows 11 versions 23H2 and 22H2 (KB5033375) to enhance security and improve Copilot. The December 2023 Update, Build 22631.2861, introduces features like Copilot for multiple displays and Alt-Tab. It also includes fixes for 36 key issues and updates to Dynamic Lighting. Known issues …