Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Threatpost
Open in Source
#vulnerability#web#android#google#microsoft#linux#java#perl#buffer_overflow#zero_day#chrome
Urgent update for macOS and iOS! Two actively exploited zero-days fixed

Categories: Exploits and vulnerabilities Categories: News Tags: macOS Tags: iOS Tags: CVE-2022-32894 Tags: CVE-2022-32893 Tags: kernel privileges Tags: WebKit Tags: actively exploited Tags: watering hole Tags: exploit kit Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. (Read more...) The post Urgent update for macOS and iOS! Two actively exploited zero-days fixed appeared first on Malwarebytes Labs.

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An

Google Chrome Zero-Day Found Exploited in the Wild

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.

ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market

Funds will support product development and market expansion for ThreatX, which delivers real-time protection for APIs and Web apps against complex botnets, DDoS, and multimode attacks.

7 Smart Ways to Secure Your E-Commerce Site

Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on

Update Chrome now! Google issues patch for zero day spotted in the wild

Categories: Exploits and vulnerabilities Categories: News Tags: 104.0.5112.101 Tags: Google Tags: Chrome Tags: CVE-2022-2852 Tags: CVE-2022-2856 Tags: CVE-2022-2854 Tags: CVE-2022-2853 Tags: UAF Tags: heap buffer overflow Google issued an update that includes 11 security fixes. One of the vulnerabilities is labeled as “Critical” and one of the vulnerabilities that is labeled as “High” exists in the wild. (Read more...) The post Update Chrome now! Google issues patch for zero day spotted in the wild appeared first on Malwarebytes Labs.

Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.

Patch Madness: Vendor Bug Advisories Are Broken, So Broken

Duston Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.