Today, VulnCheck vulnerability researcher Jacob Baines released another PoC exploit that only utilizes CVE-2023-36845, bypassing the need to upload files while still achieving remote code execution.
CardX released a data leak notification impacting their customers in Thailand Pierluigi Paganini September 17, 2023 One of Thailand’s major digital financial platforms, CardX, recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal […]
Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions. Tracked as CVE-2023-29183 (CVSS score of 7.3), the security defect is described as an “improper neutralization of input during web page generation”. Successful exploitation of the bug, Fortinet explains in an advisory, may allow an authenticated attacker to […]
Google says that starting in 2024, all Chromebooks released after 2021 will automatically qualify for ten years of security updates, delivered automatically to the device every four weeks.
NIST released Special Publication (SP) 800-207A – “A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments.” Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. Users from different locations access them through different devices. This scenario calls for establishing trust in […]
Sep 13, 2023THNEndpoint Security / Zero Day Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is […]
Sep 13, 2023THNVulnerability / Browser Security Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow […]
Google on Monday released an emergency Chrome 116 security update to patch the fourth zero-day vulnerability discovered in the browser in 2023. Tracked as CVE-2023-4863 and rated ‘critical severity’, the bug is described as a heap buffer overflow issue in the WebP component. WebP is an image format that provides improved compression and quality compared […]
Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.