
Tag

#google

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to

The Hacker News
PSA: These ‘Microsoft Support’ ploys may just fool you

We came across a clever abuse of Google and Microsoft's services that fooled us for a minute. See if you could have spotted it.

GHSA-6jrj-vc65-c983: unzip-stream allows Arbitrary File Write via artifact extraction

### Impact

When using the `Extract()` method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to.

### Patches

Fixed in 0.3.2

### References

- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2

### Credits

Justin Taft from Google

Move over malware: Why one teen is more worried about AI (re-air) (Lock and Code S05E18)

This week on the Lock and Code podcast, we speak with Nitya Sharma about why AI is a far bigger concern than malware in staying safe.

Helpdeskz 2.0.2 Cross Site Scripting

Helpdeskz version 2.0.2 suffers from a persistent cross site scripting vulnerability.

Loan Management System 1.0 SQL Injection

Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS

Jobs Finder System 1.0 Cross Site Scripting

Jobs Finder System version 1.0 suffers from a cross site scripting vulnerability.