Security News

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
2024-11-19 23:02

No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according...

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked
2024-11-17 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) November 2024 Patch...

Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
2024-10-27 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability In the last...

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
2024-09-16 12:40

CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack...

Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
2024-09-15 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)...

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
2024-08-20 12:59

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital...

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox
2024-08-09 09:58

A "0.0.0.0-Day" vulnerability affecting Chrome, Safari and Firefox can be - and has been - exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests from external, public websites, and may allow attackers to change settings, gain access to protected information, uploading malicious models, or even achieve remote code execution.

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices
2024-08-08 13:25

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "Exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky said.

Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach
2024-07-14 08:00

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attackA new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle attacks. Zero-day patched by Microsoft has been exploited by attackers for over a yearCVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed.

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
2024-06-19 15:09

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in...