Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Military-themed Email Scam Spreads Malware to Infect Pakistani Users

Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the infection sequence. "While there are many methods used today to deploy malware, the threat actors

The Hacker News
Open in Source
#mac#microsoft#git#backdoor#The Hacker News
Microsoft PlayReady Data Leak

On June 11, 2024, a Microsoft Engineer posted information about a crash that inadvertently leaked internal data related to PlayReady and Warbird libraries.

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The

CVE-2024-6103: Chromium: CVE-2024-6103: Use after free in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6102: Chromium: CVE-2024-6102: Out of bounds memory access in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6101: Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6100: Chromium: CVE-2024-6100 Type Confusion in V8

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

GHSA-rvj4-q8q5-8grf: ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

### Impact There is a vulnerability in [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255). ### References - [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.5 - https://github.com/traefik/traefik/releases/tag/v3.0.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).