Tuesday, November 12, 2024

Zero-Day

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users' credentials.When a theme file specifies a network...

New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button

Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks.With a CVSS base score of 9.8,...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory...

Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day vulnerabilities that could allow attackers to gain full control over...

Multiple 0-Day Flaws in Automated Tank Gauge Systems Threaten Critical Infrastructure

Cybersecurity researchers from BitSight TRACE have uncovered multiple 0-day vulnerabilities in Automated Tank Gauge (ATG) systems, which are integral to managing fuel storage tanks...

Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code...

PoC Exploit Released For 0-Day Windows Kernel Privilege Escalation Vulnerability

Microsoft released several patches for multiple vulnerabilities during the Patch Tuesday for August 2024. One of the vulnerabilities listed by Microsoft was the CVE-2024-38106....

Google Patches Actively Exploited Android 0-day Privilege Escalation Vulnerability

Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited.This vulnerability, CVE-2024-32896, is a privilege escalation flaw within the...

North Korean Hackers Actively Exploiting Chromium RCE Zero-Day In The Wild

Microsoft has identified a North Korean threat actor, Citrine Sleet, exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution on cryptocurrency...

Operation DevilTiger, APT Hackers 0-Day Exploitation Tactics Exposed

The APT-Q-12 group, also known as Pseudo Hunter, is a Northeast Asian threat actor linked to Darkhotel, which primarily targets East Asian countries, including...