Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2024-6291: CVE-2024-6291

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Microsoft Security Response Center
#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2024-6290: CVE-2024-6290

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Debian Security Advisory 5720-1

Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

'Snowblind' Tampering Technique May Drive Android Users Adrift

As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix.

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis

Student Attendance Management System 1.0 SQL Injection

Student Attendance Management System version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.

GHSA-7gjr-hcc3-xfr4: Improper line feed handling in zenml

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inability of users to add new components in certain categories (e.g., 'Image Builder') and to register new stacks through the UI, thereby degrading the user experience and potentially rendering the ZenML Dashboard unusable. The issue does not affect component addition through the Web UI, as `\n` characters are properly escaped in that context. The vulnerability was tested on ZenML running in Docker, and it was observed in both Firefox and Chrome browsers.

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are scanned documents of government agencies, most of which are related to various countries' Ministries