Security

Latest News

Ghidra data type archive for Windows driver functions

Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types.

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many

CVE-2024-9603: Chromium: CVE-2024-9603 Type Confusion in V8

**What is the version information for this release?**

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 129.0.2792.89 | 10/10/2024 | 129.0.6668.100/.101 |

CVE-2024-9602: Chromium: CVE-2024-9602 Type Confusion in V8

**What is the version information for this release?**

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 129.0.2792.89 | 10/10/2024 | 129.0.6668.100/.101 |

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affect FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A

Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in

GHSA-434g-2637-qmqr: Elliptic's verify function omits validation

In the Elliptic package 6.5.5 for Node.js, the EDDSA implementation does not perform the required check that the signature proof(s) is within the bounds of the order n of the base point of the elliptic curve, leading to signature malleability. Namely, the `verify` function in `lib/elliptic/eddsa/index.js` omits the `sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()` validation. This vulnerability could have a security-relevant impact if an application relies on the uniqueness of a signature.

Internet Archive Breach Exposes 31 Million Users

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.

AI-Powered Cybercrime Cartels on the Rise in Asia

All across the Asia-Pacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.

Google Launches Data-Sharing Initiative to Fight Fraud

Global Signal Exchange will act as a global clearing house for online scams and fraud signals.