Security Archives - Page 69 of 519

Pierluigi Paganini June 13, 2024

Google fixed an actively exploited zero-day in the Pixel Firmware

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. “There are indications that CVE-2024-32896 may be under limited, […]

Pierluigi Paganini June 13, 2024

Multiple flaws in Fortinet FortiOS fixed

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue. Fortinet addressed multiple vulnerabilities in FortiOS and other products, including some code execution flaws. The company states that multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], collectively tracked as CVE-2024-23110 (CVSS score of […]

Pierluigi Paganini June 12, 2024

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-4610 is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall […]

Pierluigi Paganini June 12, 2024

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

JetBrains warned to fix a critical vulnerability in IntelliJ integrated development environment (IDE) apps that exposes GitHub access tokens. JetBrains warned customers to address a critical vulnerability, tracked as CVE-2024-37051, that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. The flaw impacts IntelliJ-based IDEs version 2023.1 and later, […]

Pierluigi Paganini June 12, 2024

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; and Visual Studio. Eight of these bugs were reported through […]

Pierluigi Paganini June 11, 2024

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel […]

Pierluigi Paganini June 10, 2024

Japanese video-sharing platform Niconico was victim of a cyber attack

The Japanese video-sharing platform, Niconico, was forced to suspend its services following a cybersecurity incident. The Japanese video-sharing platform, Niconico, temporarily suspended its services following a large-scale cyberattack on June 8, 2024. “Due to the effects of a large-scale cyber attack, Niconico has been unavailable since early morning on June 8th” reads the incident notice […]

Pierluigi Paganini June 09, 2024

PHP addressed critical RCE flaw potentially impacting millions of servers

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers. PHP is […]

Pierluigi Paganini June 09, 2024

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U […]

Pierluigi Paganini June 08, 2024

New York Times source code compromised via exposed GitHub token

The source code and data of The New York Times leaked on the 4chan was stolen from the company’s GitHub repositories in January 2024. This week, VX-Underground first noticed that the internal data of The New York Times was leaked on 4chan by an anonymous user. The mysterious user leaked 270GB of data and claimed […]

Security

Google fixed an actively exploited zero-day in the Pixel Firmware

Multiple flaws in Fortinet FortiOS fixed

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Japanese video-sharing platform Niconico was victim of a cyber attack

PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

New York Times source code compromised via exposed GitHub token

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

Koske, a new AI-Generated Linux malware appears in the threat landscape

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

Coyote malware is first-ever malware abusing Windows UI Automation

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!