A critical security vulnerability, tracked as CVE-2024-9680, has been identified in Mozilla Firefox, allowing remote attackers to execute arbitrary code, with active exploitation reported in the wild.
Multiple significant security vulnerabilities in the Manufacturing Message Specification (MMS) protocol, affecting MZ Automation’s and Triangle MicroWorks’ libraries, pose serious risks to industrial environments, including potential device crashes and remote code execution.
NVIDIA has patched a severe vulnerability, CVE-2024-0132, allowing threat actors to potentially gain full root privileges on host systems through container escapes.
Google’s adoption of memory-safe languages like Rust has significantly decreased memory safety vulnerabilities in Android over a six-year period.
Attackers exploited a memory feature in ChatGPT to implant spyware, enabling continuous data exfiltration of user input and responses.
Researchers have found a critical-rated zero-click vulnerability in MediaTek Wi-Fi chipsets that allows for remote code execution without user interaction, affecting routers and smartphones from various manufacturers.
Researchers discover GAZEploit exploit in Vision Pro headset, enabling hackers to decipher passwords and messages typed with the eyes.
A zero-day vulnerability in AVTECH AVM1203 security cameras has been actively exploited for five years, posing a high-severity risk to organizations.
ValleyRAT malware poses a significant threat to Chinese-speaking individuals and industries, utilizing shellcode, sleep obfuscation, XOR encoding, AES-256 decryption, reflective DLL loading, API hashing, and callback procedures to evade detection and control victims.
Researchers from NCC Group have identified vulnerabilities in Sonos smart speakers that could allow attackers to eavesdrop on users by exploiting memory corruption and arbitrary code execution flaws.
