Vulnerabilities

Fortinet reported that in the second half of 2023, the average time form the disclosure of a vulnerability to its active exploitation in the wild decreased to just 4.76 days a 43% reduction compared to the 1st half of the year. Fortinet’s 2H Global landscape report indicate that hackers to …

Google released an urgent security update for Chrome browser. The update fixes a critical vulnerability that is already being exploited by hackers. The vulnerability, known as CVE-2024-4671, is a bug in the browser’s Visuals component. CVE-2024-4671 is a type of vulnerability referred to as “use after free” in the Visuals …

A security breach has been reported, with a threat actor claiming to be selling a database with 49 million customer records from Dell. The data includes information on systems bought from Dell between 2017 and 2024. According to Daily dark web, recent data obtained from Dell servers includes sensitive personal …

Eclypsium recently found flaws in F5’s BIG-IP Next Central Manager, which could let attackers take control of the network. BIG-IP is a product line from F5 that includes software and hardware for managing, securing, and optimizing applications across networks. The Next Central Manager is a key control point for tasks …

Samsung has patched 25 vulnerabilities in its mobile devices. This is to strengthen them against code execution and privilege escalation attacks. Samsung is continuously working to improve the security of its smartphones and tablets, protecting the safety and privacy of its users. Samsung recently disclosed vulnerabilities, known as Samsung Vulnerabilities …

The 2024 Olympic Games in Paris are coming soon. A recent cybersecurity assessment by Outpost24, a provider of cyber threat exposure management solutions, has raised concerns about the online infrastructure of the games. Outpost24 has identified critical vulnerabilities in the security posture, despite it being considered “mostly secure”. These vulnerabilities …

Researchers found multiple vulnerabilities in various applications and system components on Xiaomi devices. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” The Hacker News report reads. …

The U.S. federal agency CISA has included CVE-2023-7028 in its Known Exploited Vulnerabilities Catalog. This means that the vulnerability is currently being targeted by attackers. CISA has instructed federal agencies to protect their systems by May 22, giving them a deadline of three weeks. The U.S. cybersecurity agency hasn’t shared …

Google fixed a serious Chrome bug known as CVE-2024-4058 in the ANGLE graphics layer engine along with four vulnerabilities in the Chrome web browser. CVE-2024-4058 is a vulnerability in the ANGLE graphics layer engine. It allows attackers to execute arbitrary code on macOS systems. Toan Pham and Bao Pham from …

According to a new research bad actors could exploit the DOS-to-NT path conversion process to hide and impersonate files, directories, and processes, gaining rootkit-like capabilities. “When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted …