Vulnerabilities

Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally. CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group …

CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM). Organizations using these products are urged to mitigate potential risks immediately. CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability: A new vulnerability, CVE-2024-45519, has been found in the Synacor Zimbra Collaboration …

Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted emails to the SMTP server. CVE-2024-45519 is a remote code execution vulnerability in Zimbra’s postjournal service, which handles incoming emails via SMTP. Attackers can exploit this flaw by sending emails …

Simone Margaritelli has discovered a serious remote code execution (RCE) vulnerability in the Common Unix Printing System (CUPS), impacting all GNU/Linux systems. Simone Margaritelli has revealed technical details about the unauthenticated RCE flaw affecting all GNU/Linux systems, which he previously reported. The flaw, comprising four CVEs (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177), …

The White Snake malware has been updated to take advantage of a new feature in the latest Google Chrome version. This update lets malware steal CVC codes from credit cards saved in browsers, posing a serious online security threat, according to reports on X. Chrome’s New Feature Draws Attention: Google …

GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) could let an attacker log in as any user in the affected system. It was fixed by the maintainers last week. The issue …

Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next few days and weeks. The latest Chrome version (129.0.6668.58 for Linux, 129.0.6668.58/.59 for Windows and Mac) includes several improvements and important security fixes. This release focuses on security by fixing …

Broadcom has fixed a serious VMware vCenter Server vulnerability that allows attackers to execute remote code on unpatched servers through network packets. vCenter Server is the main management hub for VMware’s vSphere suite, enabling administrators to oversee and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812) identified by TZL security researchers at …

Ransomware groups like BianLian and Rhysida use Microsoft’s Azure Storage Explorer and AzCopy to steal data from hacked networks and store it in Azure Blob storage. Storage Explorer is a GUI tool for managing Microsoft Azure, while AzCopy is a command-line tool for large data transfers to and from Azure …

Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on fixing security vulnerabilities. Apple’s iOS 18 has addressed 33 major security vulnerabilities that could have endangered millions of iPhone users. Without these fixes, hackers could have accessed personal data, controlled …