Google Links Over 60 Zero-Days to Commercial Spyware Vendors

More than 60 of the Adobe, Google, Android, Microsoft, Mozilla and Apple zero-days that have come to light since 2016 attributed to spyware vendors. 
The post Google Links Over 60 Zero-Days to Commercial Spyware Vendors appeared first on SecurityWeek.
Continue reading Google Links Over 60 Zero-Days to Commercial Spyware Vendors

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products

In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours.
The post CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products appeared … Continue reading CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild.
The post Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation appeared first on SecurityWeek.
Continue reading Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

How can I get a count of high risk vulnerabilities of web browsers? [closed]

Every month I’m reading about some zero-day vulnerability being exploited in Google Chrome. I’d like to roughly compare the situation with Firefox in some objective way. It’s ok if it does not fully capture everything (undisclosed vulnerab… Continue reading How can I get a count of high risk vulnerabilities of web browsers? [closed]

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech.
The post Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins appeared fir… Continue reading Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release.
The post Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout appeared first on … Continue reading Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout