Security News
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of...
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.After a zero-day vulnerability is exploited and reported to vendors during Pwn2Own, they have 90 days to release security patches before Trend Micro's Zero Day Initiative discloses it publicly.
Security researchers hacked the Tesla infotainment system and demoed 24 more zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition. On the first day of Pwn2Own Automotive 2024, Synacktiv also collected another $295,000 after getting root on a Tesla Modem and hacking Ubiquiti Connect EV and JuiceBox 40 Smart EV Charging Stations using three chains, exploiting a total of seven zero-days.
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. Synacktiv Team took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.
Apple has fixed an actively exploited zero-day vulnerability that affects Macs, iPhones, iPads and AppleTVs. CVE-2024-23222 is a type confusion issue that affects WebKit - Apple's browser engine used in the Safari web browser and all iOS and iPadOS web browsers.
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as...
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices. "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.
Google fixes actively exploited Chrome zero-dayIn the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day with an existing exploit. With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture.
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against...