Breaking News

Pierluigi Paganini April 09, 2024
Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact […]

Pierluigi Paganini April 09, 2024
ScrubCrypt used to drop VenomRAT along with many malicious plugins

Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The email is crafted to trick recipients into clicking on an attachment, which downloads a ZIP file containing a Batch […]

Pierluigi Paganini April 09, 2024
Google announces V8 Sandbox to protect Chrome users

Google announced support for a V8 Sandbox in the Chrome web browser to protect users from exploits triggering memory corruption issues. Google has announced support for what’s called a V8 Sandbox in the Chrome web browser. The company included the V8 Sandbox in Chrome’s Vulnerability Reward Program (VRP). Chrome 123 is a sort of “beta” release for the sandbox designed to […]

Pierluigi Paganini April 09, 2024
China is using generative AI to carry out influence operations

China-linked threat actors are using AI to carry out influence operations aimed at fueling social disorders in the U.S. and Taiwan. China is using generative artificial intelligence to carry out influence operations against foreign countries, including the U.S. and Taiwan, and fuel social disorders. According to the report published by the Microsoft Threat Analysis Center […]

Pierluigi Paganini April 08, 2024
Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Greylock McKinnon Associates, a service provider for the Department of Justice, suffered a data breach that exposed data of 341650 people. Greylock McKinnon Associates (GMA) provides expert economic analysis and litigation support to a diverse group of domestic and international clients in the legal profession, the business community, and government agencies, including the Department of […]

Pierluigi Paganini April 08, 2024
Crowdfense is offering a larger 30M USD exploit acquisition program

Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its Exploit Acquisition Program. Crowdfense is a world-leading research hub and acquisition platform focused on high-quality zero-day exploits and advanced vulnerability research. In 2019 the company made the headlines for its 10M USD bug bounty program along with its unique “Vulnerability Research […]

Pierluigi Paganini April 08, 2024
U.S. Department of Health warns of attacks against IT help desks

The U.S. Department of Health and Human Services (HHS) warns of attacks against IT help desks across the Healthcare and Public Health (HPH) sector. The U.S. Department of Health and Human Services (HHS) reported that threat actors are carrying out attacks against IT help desks across the Healthcare and Public Health (HPH) sector. The Health […]

Pierluigi Paganini April 07, 2024
Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 Cisco warns of XSS flaw […]

Pierluigi Paganini April 07, 2024
Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models. A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models. The flaw affects […]

Pierluigi Paganini April 06, 2024
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw. Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. This week the company released security updates to address four security flaws […]