0day

Vulnerability CVE-2024-4671 has been fixed in the latest version. Google has urgently released another security update for its Chrome browser. The reason was the discovery of a critical vulnerability with active exploitation in real attacks. The vulnerability was identified as CVE-2024-4671...

How the policy is implemented in commercial software development. Users of the CrushFTP file transfer software are strongly encouraged to upgrade to the latest version after discovering a vulnerability that has been targeted. CrushFTP has warned that there is a zero-Day vulnerability in...

The developers explained what was going on – everything turned out to be much easier. Telegram has fixed a zero-day vulnerability in its Windows app that allowed it to bypass security warnings and automatically run Python scripts. This was announced by the developers after the spread of rumors...

We turn our vigilance to full – hackers will not miss their chance. Palo Alto Networks has reported an actively exploited critical zero-day vulnerability in the PAN-OS software used in the GlobalProtect software network gateways. The vulnerability, identified as CVE-2024-3400, is characterized...

Another Chrome bug cost specialists $42,500. Google has fixed a critical vulnerability in the Chrome browser that was discovered during the Pwn2Own 2024 competition in Vancouver. Vulnerability CVE-2024-3159 is related to an Out-of-bounds read error in the JavaScript V8 engine and can lead to...

Vulnerabilities CVE-2024-29745 and CVE-2024-29748 were actively exploited by digital forensics. Google fixed two critical zero-day vulnerabilities in its Pixel smartphones that allowed companies specializing in forensic analysis to unlock users ' phones without using a PIN code and gain access...

Google researchers have proposed a working strategy to reduce the level of malicious exploitation. A recent report from Google's cyber experts found that the number of zero-day exploits of vulnerabilities increased by 50% in 2023, reaching 97 cases compared to 62 in the previous year. Zero-day...

Upgrade your devices to avoid becoming another victim of hackers. Apple has released emergency security updates to address two zero-day vulnerabilities in iOS that have already been exploited in real attacks on the iPhone. The company announced this on March 5 in a separate security...

The new vulnerability renders security systems useless. A new Windows vulnerability, called EventLogCrasher, allows an attacker to remotely disable the event log service on devices in the same Windows domain. To do this, the attacker only needs to have a network connection to the target device...

The company did not have time to fix the old problems, as new ones were immediately discovered. Ivanti has released a number of patches for vulnerable Connect Secure (ICS) and Policy Secure (IPS) gateways. However, in parallel, the company discovered two new zero-day vulnerabilities, one of...

The massive exploitation of Ivanti vulnerabilities caused panic among federal agencies. Cybersecurity company Censys has discovered that hackers allegedly working for the Chinese government are massively exploiting critical vulnerabilities in Ivanti's virtual private networks (VPNs), gaining...

Apple has released updates to fix another bug in its products. Apple has released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day vulnerability that has been actively exploited. The Type Confusion vulnerability CVE-2024-23222 in the WebKit engine...

The vulnerability allows you to launch a chain of exploits. Google has released updates that fix four security issues in the Chrome browser, including the actively exploited zero-day vulnerability. Vulnerability CVE-2024-0519 is related to Out-of-bounds access in JavaScript V8 and WebAssembly...

Update today or continue to risk your data – the choice is up to users. Citrix strongly recommends that users immediately install patches on Netscaler ADC and Netscaler Gateway devices connected to the Internet to prevent attacks related to two new actively exploited zero-day vulnerabilities...

More and more hacker associations are using CVE-2023-46805 and CVE-2024-21887 in their attacks. Earlier this month, we covered zero-day vulnerabilities in Ivanti products. A recent analysis by Mandiant revealed that attackers used 5 different malware families in their attacks, including...

A vulnerability in VPN devices allowed deploying 5 malicious programs at once. At least 5 different malicious programs were allegedly used by government hackers to gain access to company networks through Zero-Day vulnerabilities in Ivanti Connect Secure (ICS) VPN devices. The attacks took place...

The Apache OFBiz RCE vulnerability can cost businesses and reputations. SonicWall has recorded thousands of daily attempts to exploit Apache OFBiz zero-day vulnerabilities for almost two weeks. The flaw was first made public on December 26, after which the number of exploitation attempts...

You should update as soon as possible to avoid leaks of corporate information. A critical zero-day vulnerability has been discovered in the Apache OFBiz system, which is widely used for enterprise resource planning (ERP). It allows you to bypass authentication systems and exposes the business...

Chinese hackers have attracted attention after exploiting a vulnerability in the company's popular product. Barracuda, a network and email security company, said that on December 21, it remotely fixed a zero-day vulnerability in all active Email Security Gateway (ESG) devices that was exploited...

This month, Microsoft increased user security by eliminating dangerous and critical vulnerabilities in its systems. Microsoft's December 2023 Update Tuesday includes security updates for 34 flaws and one zero-day vulnerability in AMD processors. Although 8 Remote Code Execution (RCE)...