Collaborate Disseminate
Leading out the news this week is a report of “BlackTech”, an Advanced Persistent Threat (APT) group that appears to be based out of China, that has been installing malicious …read more Continue reading This Week in Security: Magic Packets, GPU.zip, and Enter the Sandman
Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild. About CVE-2023-5217 The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx – a video codec library fr… Continue reading Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)
Last week we covered the latest 0-day from NSO group, BLASTPASS. There’s more details about exactly how that works, and a bit of a worrying revelation for Android users. One …read more Continue reading This Week in Security: WebP, Cavium, Gitlab, and Asahi Lina
Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The Citize… Continue reading Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that han… Continue reading Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)
North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and Maddie Stone, who detailed the l… Continue reading North Korean hackers target security researchers with zero-day exploit
Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interact… Continue reading Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)
Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit seve… Continue reading Atlas VPN zero-day allows sites to discover users’ IP address
By Habiba Rashid
The 0-day vulnerability in WinRAR, which has been exploited, is targeting traders and has successfully stolen funds from 130 victims so far.
This is a post from HackRead.com Read the original post: WinRAR users update your software as … Continue reading WinRAR users update your software as 0-day vulnerability is found
Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware that would allow them to steal money from broker accounts. “This vulnerability has been exploited since Ap… Continue reading Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831)