Security News

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
2023-09-28 03:13

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a...

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
2023-09-27 12:55

A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data...

Critical Vulnerability in libwebp Library
2023-09-27 11:08

On Thursday, researchers from security firm Rezilion published evidence that they said made it "highly likely" both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images. Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said.

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
2023-09-27 05:23

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild....

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)
2023-09-26 14:48

Software development firm JetBrains has fixed a critical vulnerability in its TeamCity continuous integration and continuous delivery solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server. "As of September 25, 2023, Rapid7 is not aware of in-the-wild exploitation of CVE-2023-42793, and no public exploit code is available," shared Caitlin Condon, head of vulnerability research at Rapid7.

5 free vulnerability scanners you should check out
2023-09-26 05:00

Vulnerability scanners delve into systems to uncover security gaps. Beyond merely pinpointing weaknesses, vulnerability scanning is a proactive measure to anticipate potential attacker entry points.

Week in review: 18 free Microsoft Azure cybersecurity resources, K8 vulnerability allows RCE
2023-09-24 08:00

An inside look at NetSPI's impressive Breach and Attack Simulation platform
In this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation platform and discusses how it offers unique features - from customizable procedures to advanced plays - that help organizations maximize their ROI.

How companies can take control of their cybersecurity
In this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field.

Critical Trend Micro vulnerability exploited in the wild
Trend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)
2023-09-22 10:29

GitLab has fixed a critical vulnerability in the Enterprise Edition and Community Edition of its widely used DevOps platform. "Scan execution policy allows configuring built-in scanners for GitLab projects, such as static analysis and vulnerability scanning. These scanners are running in dedicated pipelines with a predefined set of permissions," Alex Ilgayev, head of security research at Cycode told Help Net Security.

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
2023-09-21 08:39

Trend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. "Trend Micro has observed at least one active attempt of potential exploitation of in the wild," the company shared.

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT
2023-09-21 05:03

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware....