July 1, 2024 at 05:02PM Google will reward security researchers who can perform a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor. The meeting notes indicate that if security researchers are able to carry out a guest-to-host attack by exploiting a zero-day vulnerability in the KVM open source hypervisor, Google is … Read more
June 20, 2024 at 06:35AM The ransomware gang responsible for the London hospitals attack has expressed no remorse and claimed the attack was deliberate and politically motivated. Experts have questioned the political explanation, suggesting the gang is financially motivated. The gang has demanded a $50 million ransom and claimed to have gained access using a … Read more
June 4, 2024 at 05:59PM Multiple high-profile TikTok accounts were hijacked by attackers exploiting a zero-day vulnerability in the platform’s direct messages feature. Victims included Sony, CNN, and Paris Hilton. The exploit required targets to open a malicious message, without needing to download a payload or click on embedded links. TikTok is working to restore … Read more
May 30, 2024 at 05:48AM Check Point VPNs were targeted by threat actors exploiting a zero-day vulnerability, allowing access to enterprise networks through old VPN local accounts. The vulnerability, tracked as CVE-2024-24919, affects certain Check Point Security Gateways and allows hackers to extract password hashes. Mnemonic reported attacks using CVE-2024-24919 in customer environments since April … Read more
May 24, 2024 at 11:42AM Google has addressed a critical high-severity security flaw, CVE-2024-5274, in its Chrome browser. The bug, a type confusion vulnerability in the V8 engine, poses threats such as code execution or access control bypasses. Two researchers, Clément Lecigne and Brendon Tiszka, reported the flaw. It marks Google’s fourth zero-day vulnerability this … Read more
May 24, 2024 at 05:09AM Google has released a new Chrome update to fix a high-severity vulnerability, CVE-2024-5274, making it the fourth zero-day patched in two weeks. The exploit exists in the wild, and no bug bounty will be given for its discovery. Google urges users to update to the latest Chrome release, version 125.0.6422.112. … Read more
May 16, 2024 at 06:55AM Google issued an emergency Chrome security update to address a zero-day vulnerability, the third exploited in a week. The fix, released for Mac, Windows, and Linux, will automatically update Chrome, but users can verify by going to Help>About Google Chrome. The vulnerability, used in attacks, remains unpublicized as Google maintains … Read more
May 15, 2024 at 06:43PM Google released a new emergency Chrome security update to address a third zero-day vulnerability (CVE-2024-4947) exploited in attacks. This high-severity flaw was fixed with the release of version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. This is the seventh actively exploited zero-day patched in 2024. Users can ensure they are … Read more
May 14, 2024 at 12:39PM Google has released an emergency security update for Chrome to address a zero-day vulnerability with potential for data theft, malware implantation, and more. This is the second zero-day patched within a week and the sixth this year. The update includes a patch for a high-severity out-of-bounds write in the V8 … Read more
May 10, 2024 at 08:45AM Google released Chrome 124 update, addressing a zero-day vulnerability, tracking as CVE-2024-4671, a high-severity use-after-free bug in the Visuals component. The patch came just two days after the bug was reported by an anonymous researcher. No bug bounty information was provided. This is the second Chrome vulnerability of 2024 being … Read more