May 24, 2024 at 06:35PM The pcTattletale spyware website was hacked, and databases and source code data were leaked, exposing a serious security flaw. Despite attempts to contact the developers, the vulnerability remains unresolved. A security researcher discovered the flaw and exposed it, prompting a hacker to deface the website and leak data. Meanwhile, the … Read more
May 10, 2024 at 04:09AM Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability of 2024, which is a high-severity “user after free” issue in the Visuals component. The update addresses potential data leakage, code execution, and crashes. Users are advised to confirm they have the latest version … Read more
May 8, 2024 at 05:56PM The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals exposed in the 2023 Clop MOVEit attacks. The breach impacted sensitive information, including social security numbers, and USG is offering identity protection and fraud detection services through Experian until July 31, 2024. The incident highlights the … Read more
April 29, 2024 at 10:00AM A security vulnerability, CVE-2024-27322, has been discovered in the R programming language, enabling threat actors to execute malicious code via RDS files. This flaw, fixed in version 4.4.0, could lead to supply chain attacks through compromised R packages. AI security firm HiddenLayer reported the issue, emphasizing the importance of updating … Read more
April 24, 2024 at 09:33AM Security researchers and CrushFTP warn of a critical sandbox escape flaw (CVE-2024-4040) in version 11.1 of the multiprotocol, multiplatform, cloud-based file transfer server. The vulnerability has been actively exploited and potentially politically motivated, leading to intelligence gathering attacks on US organizations. Publicly available exploit code raises high risks, urging immediate … Read more
April 16, 2024 at 11:07AM The PuTTY version 0.68 through 0.80 contains a vulnerability (CVE-2024-31497) that could allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. It affects systems using ECDSA keys and could be exploited to gain unauthorized access to SSH servers or sign commits as … Read more
April 8, 2024 at 06:23PM Attackers target over 92,000 unpatched end-of-life D-Link NAS devices with a critical remote code execution vulnerability. Exploiting a hardcoded account and command injection flaw, threat actors deploy a Mirai malware variant to create botnets for large-scale DDoS attacks. D-Link has ceased support for these devices, advising owners to retire or … Read more
April 5, 2024 at 01:24PM Magecart attackers have devised a new method of implanting persistent backdoors in e-commerce websites to automatically deploy malware. They exploit a critical command injection vulnerability in the Adobe Magento e-commerce platform to execute arbitrary code, using a layout template to inject malware into compromised sites. Upgrading to specific versions of … Read more
April 4, 2024 at 08:03AM New research has revealed a vulnerability in the HTTP/2 protocol, named HTTP/2 CONTINUATION Flood, which can be exploited to conduct denial-of-service (DoS) attacks. The issue affects multiple HTTP/2 implementations and could lead to server crashes, performance degradation, and memory exhaustion. Upgrading affected software or temporarily disabling HTTP/2 is recommended. After … Read more
March 26, 2024 at 08:48AM Apple has issued security updates for iOS and macOS to fix an arbitrary code execution vulnerability affecting CoreMedia and WebRTC components. This issue, also impacting the dav1d AV1 decoder, can lead to memory corruption and arbitrary code execution. The company credited Google Project Zero researcher Nick Galloway for reporting the … Read more