Collaborate Disseminate
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few da… Continue reading Exploited: Cisco, SharePoint, Chrome vulnerabilities
Millions of iOS and Android users are at risk after Symantec discovered that popular apps contain hardcoded, unencrypted… Continue reading Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys
Does anyone know any type of vulnerability that affects CPU registers that allows an attacker overwrite registers with specific values that remain fixed for example for a few instructions and only change when for example a mov instruction … Continue reading Does this vulnerability related to general purpose registers exist?
Does anyone know any type of vulnerability that affects CPU registers that allows an attacker overwrite registers with specific values that remain fixed for example for a few instructions and only change when for example a mov instruction … Continue reading Does this vulnerability related to general purpose registers exist?
Security researchers have uncovered a new flaw in some AI chatbots that could have allowed hackers to steal personal information from users.
The flaw, which has been named “Imprompter”, which uses a clever trick to hide malicious instructions within… Continue reading AI chatbots can be tricked by hackers into helping them steal your private data
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vul… Continue reading VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Ro… Continue reading Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
The Internet Archive (Archive.org) suffered a second security breach in October 2024, exposing support tickets through unrotated Zendesk… Continue reading Internet Archive (Archive.org) Hacked for Second Time in a Month
I detected in a codeline usage of a bouncy castle that is vulnerable to the cve CVE-2023-33201.
The CVE seems to come from the guilty class X509LDAPCertStoreSpi.java, and in specific the method search().
In the codeline I am testing, there… Continue reading how to check usages of a class method in open source code
Researchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access… Continue reading “HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!