Commercial Spyware Vendors Have a Copycat in Top Russian APT

August 30, 2024 at 01:05PM Google’s Threat Analysis Group (TAG) discovered a series of exploit campaigns perpetrated by a Russian-backed threat actor targeting Mongolian government websites, delivering mobile exploits previously utilized by commercial spyware vendors Intellexa and NSO Group. The campaigns aimed to hijack visitors’ devices by exploiting iOS and Chrome vulnerabilities, posing an …

US Intelligence Blames Iran for Hack on Trump Campaign

August 20, 2024 at 11:43AM The FBI confirmed Iran’s involvement in cyberattacks on former President Donald Trump’s adviser, part of a wider campaign targeting US 2024 presidential elections. Security agencies attributed the attacks to “increasingly aggressive Iranian activity” and warned of continued efforts to disrupt the election. This follows previous reports by Microsoft and Google, …

Google Patches Fourth Chrome Zero-Day in Two Weeks

May 24, 2024 at 05:09AM Google has released a new Chrome update to fix a high-severity vulnerability, CVE-2024-5274, making it the fourth zero-day patched in two weeks. The exploit exists in the wild, and no bug bounty will be given for its discovery. Google urges users to update to the latest Chrome release, version 125.0.6422.112. …

CISA warns of actively exploited bugs in Chrome and Excel parsing library

January 3, 2024 at 07:58AM The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog. The first vulnerability, CVE-2023-7101, affects the Spreadsheet::ParseExcel library, allowing remote code execution. The second vulnerability, CVE-2023-7024, is a heap buffer overflow issue in WebRTC in Google Chrome. Federal agencies have until January 23 …

Google fixes 8th Chrome zero-day exploited in attacks this year

December 20, 2023 at 04:44PM Google has released emergency updates to address the eighth Chrome zero-day vulnerability of the year, CVE-2023-7024, which was exploited in targeted attacks. The bug, discovered by Google’s Threat Analysis Group, affects the open-source WebRTC framework and poses a high-severity risk due to a heap buffer overflow weakness. Google aims to …

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

November 29, 2023 at 12:18AM Google patched seven Chrome security issues, including an actively exploited zero-day (CVE-2023-6345) in the Skia graphics library. Users should update to the latest version to prevent potential threats. This marks the sixth zero-day patched in 2023. Chromium-based browser users should also update. Meeting Takeaways: 1. Google has issued security updates …

Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

November 17, 2023 at 11:11AM Threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. The vulnerability, known as CVE-2023-37580, allowed the hackers to perform email forwarding, steal credentials, and lead victims to phishing pages. The attacks took place before Zimbra released an official …

Google links WinRAR exploitation to Russian, Chinese state hackers

October 18, 2023 at 12:49PM Google’s Threat Analysis Group has identified state-backed hacking groups, including Sandworm, APT28, and APT40, exploiting a vulnerability in WinRAR, a popular compression software. The bug allows attackers to execute arbitrary code on users’ systems. Despite a patch being available, many users remain vulnerable. The bug has been exploited since April, …