June 28, 2024 | Cybernews
A recent joint report by CISA, Australia, and Canada reveals that over half of critical open source software projects analyzed exhibit memory safety vulnerabilities, emphasizing the need for organizations to transition to memory safe languages and adopt secure coding practices.
June 26, 2024 | Cybernews
Google’s Project Zero introduces Project Naptime, leveraging large language models to automate variant analysis and enhance vulnerability discovery approaches.
June 19, 2024 | Cybernews
VMware has patched critical vulnerabilities in its vSphere and Cloud Foundation products, including heap-overflow flaws in the DCE/RPC protocol and a local privilege escalation issue in vCenter, with fixes released by Broadcom.
June 13, 2024 | Cybernews
Chinese threat actors exploit zero-day vulnerability in Fortinet’s FortiOS and FortiProxy software, deploying Coathanger RAT malware on over 14,000 devices, including government systems in the Netherlands.
June 12, 2024 | Cybernews
Arm and NVIDIA have identified zero-day vulnerabilities in their products, including a serious out-of-bounds write error in NVIDIA’s GPU Display Driver, prompting customers to patch their systems promptly to prevent unauthorized access and data breaches.
April 18, 2024 | Cybernews
Ivanti has issued a security advisory for its Avalanche mobile device management (MDM) product, urging users to update to the latest version, Avalanche 643, to address critical vulnerabilities, including heap overflow bugs that could potentially allow arbitrary command execution.
March 11, 2024 | Cybernews
Attackers are actively exploiting the CVE-2023-22527 vulnerability in Atlassian Confluence Data Center and Confluence Server, using in-memory payloads to execute arbitrary code and control compromised servers.
February 27, 2024 | Cybernews
The White House Office of the National Cyber Director emphasizes the importance of memory safety in preventing data exposure and corruption to enhance cybersecurity.
February 16, 2024 | Cybernews
FortiGuard researchers have discovered the TicTacToe dropper, a group of malware droppers that have been active throughout 2023 and are responsible for delivering various final-stage payloads, posing a significant threat to organizations.
February 15, 2024 | Cybernews
The APT group Water Hydra has exploited a zero-day vulnerability, CVE-202421412, to target crypto traders with spearphishing techniques and deploy the DarkMe malware.