Critical Zero-Day Vulnerability in AVTECH AVM1203 Cameras Exploited for Five Years
A zero-day vulnerability in AVTECH AVM1203 security cameras has been actively exploited for five years, posing a high-severity risk to organizations.
A zero-day vulnerability in AVTECH AVM1203 security cameras has been actively exploited for five years, posing a high-severity risk to organizations.
Researchers from NCC Group have identified vulnerabilities in Sonos smart speakers that could allow attackers to eavesdrop on users by exploiting memory corruption and arbitrary code execution flaws.
Google’s Project Zero introduces Project Naptime, leveraging large language models to automate variant analysis and enhance vulnerability discovery approaches.
VMware has patched critical vulnerabilities in its vSphere and Cloud Foundation products, including heap-overflow flaws in the DCE/RPC protocol and a local privilege escalation issue in vCenter, with fixes released by Broadcom.
ASUS releases urgent firmware updates for multiple router models to address critical security vulnerabilities, including authentication bypass and buffer overflow flaws.
Chinese threat actors exploit zero-day vulnerability in Fortinet’s FortiOS and FortiProxy software, deploying Coathanger RAT malware on over 14,000 devices, including government systems in the Netherlands.
Arm and NVIDIA have identified zero-day vulnerabilities in their products, including a serious out-of-bounds write error in NVIDIA’s GPU Display Driver, prompting customers to patch their systems promptly to prevent unauthorized access and data breaches.
Judge0, a widely used open-source service for secure sandboxed code execution, has been found to have critical vulnerabilities that could allow attackers to execute sandbox escapes and gain root access to host machines.
Ivanti has issued a security advisory for its Avalanche mobile device management (MDM) product, urging users to update to the latest version, Avalanche 643, to address critical vulnerabilities, including heap overflow bugs that could potentially allow arbitrary command execution.
Attackers are actively exploiting the CVE-2023-22527 vulnerability in Atlassian Confluence Data Center and Confluence Server, using in-memory payloads to execute arbitrary code and control compromised servers.