ZeroFont phishing is a new yet old technique for sending phishing emails. It allows threat actors to bypass security mechanisms and successfully deliver phishing emails. Using this technique, attackers were able to evade Microsoft’s Natural Language Processing, which was serving as protection against phishing emails for Office users. Office 365 …
Air Canada admits hack of employee data
Air Canada, the national airline of Canada, has acknowledged a “brief” breach in its security controls. Air Canada confirmed that an incident occurred, but they did not give details about when or how much personal information was accessed by the attacker. “An unauthorized group briefly obtained limited access to an …
Researcher awarded for discovering a Two-Factor Authentication bypass in Facebook
Bassem Bazzoun, a security researcher, was awarded $25,300 and ranked 2nd place on the conference leaderboard for discovering a Two-Factor Authentication bypass in Facebook during the Meta bug bounty researchers conference in Seoul, South Korea, 2023. If you’re curious about the technical details of how he managed to bypass Facebook’s two-factor …
Chrome extensions can steal plaintext passwords from websites
A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website’s source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles …
VMware Tools contains a SAML Token Signature Bypass Vulnerability
A SAML token signature bypass vulnerability in VMware Tools was responsibly reported to VMware with a maximum CVSSv3 base score of 7.5. Updates are available to remediate this vulnerability in the affected VMware products.
Credentials of NASA, Tesla, Verizon, and 2K others leaked by workplace safety organization
The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training. On its digital platform, NSC provides online resources …
Oracle Patches 32 Critical Flaws
Oracle has released a list of security patches for more than 130 products. These products are used across industries including banking, communication, enterprise, development and so on. Oracle categorized the patched flaws by severity as critical, high, medium, and low, based on their CVSS 3.1 score. …
20% of malware attacks bypass antivirus protection
SpyCloud reports that 53% of security leaders are extremely concerned about attacks that use malware to steal authentication data. Fewer than 1% of leaders are not concerned at all. Malware infection responses: Many people still don’t have the tools to investigate the security and organizational impact of these infections …
Apple Issues an Emergency Patch to Address a Zero-Day Flaw
Apple released Rapid Security Response updates for its Safari web browser, iOS, iPadOS, and macOS to address a zero-day vulnerability that was being actively exploited. By exploiting the WebKit vulnerability known as CVE-2023-37450, malicious actors may execute arbitrary code while handling specially designed web content. The iPhone maker said it …
Google Patches 46 Android Vulnerabilities, Including 3 Actively Exploited
Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Three of these vulnerabilities have been identified as actively exploited in targeted attacks. One vulnerability, tracked as CVE-2023-26083, is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and …