30 Nov 2022

Acer Firmware Flaw Lets Attackers Bypass Key Security Feature

Security researchers at ESET have identified a flaw tracked as CVE-2022-4020 impacting the Acer firmware. The flaw impacts five of the company’s laptop models and could allow an attacker to disable a device’s Secure Boot settings, leading to malware execution and disarming of security measures. The flaw was discovered on

16 Nov 2022

Billbug Targets Government Agencies in Multiple Asian Countries

According to security researchers at Symantec, state-sponsored actors operating for the Billbug group, also known as Thrip and Lotus, have attempted to compromise a digital certificate authority in an Asian country. The attack was part of a larger campaign targeting multiple government agencies. Security researchers from Symantec have made the

09 Nov 2022

Microsoft Patches Six Zero-Day Bugs this Month

During this month’s Patch Tuesday, Microsoft released a relatively low number of security updates to fix flaws plaguing its products; however, six of the patches address flaws that are being actively exploited in the wild. According to Microsoft, one of these flaws is called “ProxyNotShell” and lies in the Microsoft Exchange Server.

28 Oct 2022

GitHub Bug Exposed Repositories to Hijacking

Security researchers have identified a flaw in GitHub that reportedly enables attackers to take control of repositories, thus allowing them to spread malware and infect code. GitHub has fixed the bug since it was discovered and stated that it lay in the popular repository namespace retirement feature. The same tool

26 Oct 2022

Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Apple released new updates earlier this week that patch zero-day vulnerabilities in iOS and iPadOS devices. The flaws fixed in the latest updates have reportedly been exploited in the wild by threat actors. One of the flaws is an out-of-bounds write issue in the kernel and could be exploited by

19 Oct 2022

Zoom Patches High-Severity Flaw in macOS Client

Zoom released a patch last week that fixes a high-severity flaw in its client for macOS devices. The video messaging platform identified the vulnerability, which is tracked as CVE-2022-28762, as a debugging port misconfiguration that affects versions between 5.10.6 and 5.12.0. The flaw has been assigned a 7.3 out of

12 Oct 2022

Critical Open Source vm2 Sandbox Escape Bug Affects Millions

A remote code execution vulnerability has been identified in a widely used JavaScript sandbox. The vulnerability has earned a rating of 10, the highest number on the CVSS vulnerability scale. Therefore, the bug is described as high severity. The flaw could allow threat actors to execute a sandbox escape and

04 Oct 2022

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

Microsoft has fast-tracked two patches for vulnerabilities impacting Microsoft Exchange Servers. The vulnerabilities have been reported as zero-days. While Microsoft works on developing a patch, businesses should be on alert for attacks targeting these vulnerabilities. Last Friday, Microsoft confirmed that it has identified targeted attacks, albeit limited. The bugs can

22 Sep 2022

Twitter Password Reset Bug Exposed User Accounts

Twitter has fixed an issue that allowed accounts to stay logged in on multiple devices even after their passwords were reset. This means that if an unauthorized party was able to gain access to a user’s Twitter account, they would remain logged in even after the user reset their password and

21 Sep 2022

Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability

On September 19, Arbitrum, one of the most popular Layer 2 solutions for Ethereum, paid 400 ETH (about $560,000) to a white hat hacker who found a potential vulnerability in its code. The white hat hacker, known on Twitter as Riptide, finds vulnerabilities within smart contracts written in Solidity. Riptide said
