Google Introduces Project Naptime for AI-Powered Vulnerability Discovery
Google’s Project Zero introduces Project Naptime, leveraging large language models to automate variant analysis and enhance vulnerability discovery approaches.
Google’s Project Zero introduces Project Naptime, leveraging large language models to automate variant analysis and enhance vulnerability discovery approaches.
VMware has patched critical vulnerabilities in its vSphere and Cloud Foundation products, including heap-overflow flaws in the DCE/RPC protocol and a local privilege escalation issue in vCenter, with fixes released by Broadcom.
ASUS releases urgent firmware updates for multiple router models to address critical security vulnerabilities, including authentication bypass and buffer overflow flaws.
Chinese threat actors exploit zero-day vulnerability in Fortinet’s FortiOS and FortiProxy software, deploying Coathanger RAT malware on over 14,000 devices, including government systems in the Netherlands.
Arm and NVIDIA have identified zero-day vulnerabilities in their products, including a serious out-of-bounds write error in NVIDIA’s GPU Display Driver, prompting customers to patch their systems promptly to prevent unauthorized access and data breaches.
Judge0, a widely used open-source service for secure sandboxed code execution, has been found to have critical vulnerabilities that could allow attackers to execute sandbox escapes and gain root access to host machines.
Ivanti has issued a security advisory for its Avalanche mobile device management (MDM) product, urging users to update to the latest version, Avalanche 643, to address critical vulnerabilities, including heap overflow bugs that could potentially allow arbitrary command execution.
Attackers are actively exploiting the CVE-2023-22527 vulnerability in Atlassian Confluence Data Center and Confluence Server, using in-memory payloads to execute arbitrary code and control compromised servers.
The APT group Water Hydra has exploited a zero-day vulnerability, CVE-202421412, to target crypto traders with spearphishing techniques and deploy the DarkMe malware.
Orca security firm discovers three vulnerabilities in Microsoft Azure’s HDInsight big-data analytics service, including denial-of-service and privilege escalation bugs, which have been promptly addressed by Microsoft.