“Researchers” exploit Kraken exchange bug, steal $3 million in crypto

June 19, 2024 at 10:54AM Kraken crypto exchange experienced a breach when alleged security researchers exploited a zero-day bug, stealing $3 million in cryptocurrency. The bug allowed unauthorized deposits and fund withdrawals. After fixing the bug, three individuals, one claiming to be a researcher, refused to return the stolen funds, demanding a business call instead. … Read more

New Windows Event Log zero-day flaw gets unofficial patches

February 1, 2024 at 10:42AM Free unofficial patches are available for the Windows zero-day flaw, EventLogCrasher, impacting all versions from Windows 7 to Windows 11 and server editions. The vulnerability allows attackers to remotely crash the Event Log service, impacting Security Information and Event Management systems. 0patch has launched micropatches for affected systems until an … Read more

Ivanti warns of new Connect Secure zero-day exploited in attacks

January 31, 2024 at 08:48AM Ivanti has warned of two vulnerabilities affecting Connect Secure, Policy Secure, and ZTA gateways. The first vulnerability (CVE-2024-21893) is a zero-day bug allowing server-side request forgery, granting unauthorized access. The second flaw (CVE-2024-21888) enables privilege escalation. Ivanti has released security patches and mitigation measures. Threat actors have exploited these vulnerabilities, … Read more

Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes

November 30, 2023 at 03:48PM Google has released an urgent Chrome update to fix six security vulnerabilities, including an actively exploited zero-day flaw (CVE-2023-6345) relating to the Skia graphics library. Spyware risks are implied. Zyxel also patched critical issues affecting NAS devices. Users are urged to promptly update Chrome to mitigate security threats. Meeting Takeaways: … Read more

Over 10,000 Cisco devices hacked in IOS XE zero-day attacks

October 17, 2023 at 04:49PM More than 10,000 Cisco IOS XE devices have been compromised and infected with malicious implants through a zero-day bug. The vulnerability has been exploited in attacks on devices running Cisco IOS XE software with the Web User Interface feature and HTTP/HTTPS Server feature enabled. Security company VulnCheck has released a … Read more