Vulnerabilities

In its recent Patch Tuesday release, Microsoft fixed 118 vulnerabilities, including five zero-day flaws, two of which are currently being exploited. The updates affect multiple Microsoft products, such as Windows, Office, Azure, .NET, and Visual Studio. Zero-Day Vulnerabilities: Among the five zero-day vulnerabilities patched, two were actively exploited in the …

The Cyber Threat Intelligence (CTI) Unit at BGD e-GOV CIRT has discovered a malware campaign involving the Lumma Stealer family. They’ve found that various types of stealer malware are being spread using similar methods. CIRT is monitoring stealer malware campaigns and has found malware that steals sensitive information. Recently, the …

Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally. CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group …

CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM). Organizations using these products are urged to mitigate potential risks immediately. CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability: A new vulnerability, CVE-2024-45519, has been found in the Synacor Zimbra Collaboration …

Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted emails to the SMTP server. CVE-2024-45519 is a remote code execution vulnerability in Zimbra’s postjournal service, which handles incoming emails via SMTP. Attackers can exploit this flaw by sending emails …

Simone Margaritelli has discovered a serious remote code execution (RCE) vulnerability in the Common Unix Printing System (CUPS), impacting all GNU/Linux systems. Simone Margaritelli has revealed technical details about the unauthenticated RCE flaw affecting all GNU/Linux systems, which he previously reported. The flaw, comprising four CVEs (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177), …

The White Snake malware has been updated to take advantage of a new feature in the latest Google Chrome version. This update lets malware steal CVC codes from credit cards saved in browsers, posing a serious online security threat, according to reports on X. Chrome’s New Feature Draws Attention: Google …

GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) could let an attacker log in as any user in the affected system. It was fixed by the maintainers last week. The issue …

Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next few days and weeks. The latest Chrome version (129.0.6668.58 for Linux, 129.0.6668.58/.59 for Windows and Mac) includes several improvements and important security fixes. This release focuses on security by fixing …

Broadcom has fixed a serious VMware vCenter Server vulnerability that allows attackers to execute remote code on unpatched servers through network packets. vCenter Server is the main management hub for VMware’s vSphere suite, enabling administrators to oversee and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812) identified by TZL security researchers at …