Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

The Hacker News
Open in Source
#vulnerability#web#android#windows#apple#google#microsoft#amazon#ubuntu#linux#debian#cisco#red_hat#apache#git#oracle#intel#rce#perl#vmware#aws#lenovo#samsung#auth#ibm#dell#zero_day#mongo#chrome#firefox#sap#The Hacker News
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware

What Google's U-Turn on Third-Party Cookies Means for Chrome Privacy

Earlier this year, Google ditched its plans to abolish support for third-party cookies in its Chrome browser. While privacy advocates called foul, the implications for users is not so clear cut.

Exposing the Facebook funeral livestream scam (Lock and Code S05E21)

This week on the Lock and Code podcast, we speak with Zach Hinkle and Pieter Arntz about the Facebook funeral livestream scam.

PHP-Nuke Top Module SQL Injection

The Top module for PHP-Nuke versions 6.x and below 7.6 suffers from a remote SQL injection vulnerability.

Storm-1575 Threat Actor Deploys New Login Panels for Phishing Infrastructure

The Storm-1575 group is known for frequently rebranding its phishing infrastructure. Recently, ANY.RUN analysts identified the deployment of…

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization, Slovak cybersecurity company ESET said. "The ultimate goal of

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption

Okta Fixes Critical Vulnerability Allowing Sign-On Policy Bypass

Okta fixed a vulnerability in its Classic product that allowed attackers to bypass sign-on policies. Exploitation required valid…

Large scale Google Ads campaign targets utility software

Malicious Google sponsored results disguised as software downloads lead to malware.