LightSpy, a sophisticated iOS spyware linked to a suspected state-sponsored group, exploits vulnerabilities in iOS and macOS systems to collect sensitive data and introduce destructive functions, posing a significant threat to Apple device users.
A sophisticated cyber-attack by the Lazarus Group exploited a critical zero-day vulnerability in Google Chrome, targeting cryptocurrency investors and resulting in significant thefts.
Broadcom has issued essential software updates to address severe security vulnerabilities CVE-2024-38812 and CVE-2024-38813 in VMware vCenter Server, which could allow remote code execution and system compromise.
Multiple significant security vulnerabilities in the Manufacturing Message Specification (MMS) protocol, affecting MZ Automation’s and Triangle MicroWorks’ libraries, pose serious risks to industrial environments, including potential device crashes and remote code execution.
Google’s adoption of memory-safe languages like Rust has significantly decreased memory safety vulnerabilities in Android over a six-year period.
Researchers have found a critical-rated zero-click vulnerability in MediaTek Wi-Fi chipsets that allows for remote code execution without user interaction, affecting routers and smartphones from various manufacturers.
Researchers discover GAZEploit exploit in Vision Pro headset, enabling hackers to decipher passwords and messages typed with the eyes.
A zero-day vulnerability in AVTECH AVM1203 security cameras has been actively exploited for five years, posing a high-severity risk to organizations.
Researchers from NCC Group have identified vulnerabilities in Sonos smart speakers that could allow attackers to eavesdrop on users by exploiting memory corruption and arbitrary code execution flaws.
Google’s Project Zero introduces Project Naptime, leveraging large language models to automate variant analysis and enhance vulnerability discovery approaches.
