Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2024-10229: Chromium: CVE -2024-10229 Inappropriate implementation in Extensions

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may

'Prometei' Botnet Spreads Its Cryptojacker Worldwide

The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.

Hackers Leak 180,000 Esport North Africa User Records a Day Before Tournament Begins

A hacker leaked the personal data of 180,000 Esport North Africa users just before the tournament. While no…

GHSA-qqqw-gm93-qf6m: OS Command Injection in Snyk gradle plugin

The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

GHSA-69f9-h8f9-7vjf: OS Command Injection in Snyk php plugin

The Snyk php plugin is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

Lazarus Group Exploits Chrome Zero-Day in Latest Campaign

The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.

On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again

On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again. Wait, haven’t fixes for this vulnerability been available since September 17th? They were, but it was not enough. “VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not completely address […]

Codasip Donates Tools to Develop Memory-Safe Chips

The software development kit will simplify building and testing of CHERI-enabled RISC-V applications.

Russian Trolls Pose as Reputable Media to Sow US Election Chaos

Operation Overload pushes dressed up Russian state propaganda with the aim of flooding the US with election disinformation.