February 7, 2024 | Cybernews
Orca security firm discovers three vulnerabilities in Microsoft Azure’s HDInsight big-data analytics service, including denial-of-service and privilege escalation bugs, which have been promptly addressed by Microsoft.
February 1, 2024 | Cybernews
A heap-based buffer overflow vulnerability in the GNU C library (glibc) has been found, enabling unauthorized users to gain root access.
January 29, 2024 | Cybernews
Cisco has released a patch for a critical vulnerability in its Unified Communications and Contact Center Solutions products, which allows remote attackers to execute arbitrary code on affected devices by exploiting insecure processing of user-supplied data.
January 19, 2024 | Cybernews
Multiple vulnerabilities in the TianoCore EFI Development Kit II (EDK II) allow for remote code execution, denial-of-service attacks, DNS cache poisoning, and leakage of sensitive information, impacting various UEFI firmware implementations.
January 18, 2024 | Cybernews
Google has released important updates for its Chrome browser to address a critical zero-day vulnerability, known as CVE-2024-0519, which allows attackers to bypass protection mechanisms and execute code on the target device.
December 29, 2023 | Cybernews
Researchers have disclosed new details about the “Operation Triangulation” campaign, which involved zero-click attacks on iPhones and exploited an undocumented Apple hardware security feature, allowing attackers to gain control of iPhones and potentially other Apple devices.
December 22, 2023 | Cybernews
Google has released an emergency patch for a high-severity zero-day vulnerability in Chrome that is actively being exploited, allowing attackers to potentially install programs, manipulate data, or create new accounts with full user rights.
December 22, 2023 | Cybernews
Ivanti has released Avalanche 6.4.2, an update to its mobile device management product, to address 22 vulnerabilities, including critical ones that allowed remote code execution on unpatched systems.
November 16, 2023 | Cybernews
A critical security flaw in Apache ActiveMQ, known as CVE-202346604, allows for arbitrary code execution in memory, enabling threat actors to remotely run arbitrary shell commands and deploy ransomware strains like TellYouThePass and a remote access trojan called SparkRAT.