Security News

Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability that is being actively exploited in the wild.CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group, is due to an integer overflow in Skia - an open source 2D graphics library commonly used as a graphics engine for Google Chrome, ChromeOS, Android, Flutter, and others.

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the...

Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. Google TAG is known for uncovering zero-days, often exploited by state-sponsored hacking groups in spyware campaigns targeting high-profile individuals like journalists and opposition politicians.

Google has fixed the fifth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. Google TAG is known for uncovering zero-days, often exploited by state-sponsored hacking groups in spyware campaigns targeting high-profile individuals like journalists and opposition politicians.

The attack started with compromising a media outlet's website to embed malicious scripts into an article, allowing for a 'watering hole' attack. State-backed North Korean hacking operations consistently rely on supply chain attacks and the exploitation of zero-day vulnerabilities as part of their cyber warfare tactics.

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed...

A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, presumably rented for profit.

Google's Threat Analysis Group has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. According to Google's threat analysts, the threat actors exploited the vulnerability on government systems in Greece, Moldova, Tunisia, Vietnam, and Pakistan to steal email data, user credentials, and authentication tokens, perform email forwarding, and lead victims to phishing pages.

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of...

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of...