Security
Headlines
HeadlinesLatestCVEs

Tag

#google

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky

The Hacker News
Open in Source
#vulnerability#web#mac#windows#apple#google#microsoft#linux#rce#auth#chrome#firefox#The Hacker News
New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements,

Monitoring Changes in KEV List Can Guide Security Teams

The number of additions to the Known Exploited Vulnerabilities catalog is growing quickly, but even silent changes to already-documented flaws can help security teams prioritize.

E-Commerce Site Using PHP PDO 1.0 Directory Traversal

E-Commerce Site using PHP PDO version 1.0 suffers from a directory traversal vulnerability.

New Go-based Backdoor GoGra Targets South Asian Media Organization

An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra. "GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services," Symantec, part of Broadcom, said in a report shared with The Hacker News. It's currently not clear how it's

Chameleon Android Banking Trojan Targets Users Through Fake CRM App

Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a Customer Relationship Management (CRM) app. "Chameleon was seen masquerading as a CRM app, targeting a Canadian restaurant chain operating internationally," Dutch security outfit ThreatFabric said in a technical

Android vulnerability used in targeted attacks patched by Google

Google has issued security updates for 46 vulnerabilities, including a patch for a remote code execution flaw which has been used in limited targeted attacks.

Concert Ticket Reservation System 1.0 SQL Injection

Concert Ticket Reservation System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.