Year: 2024

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. “Type confusion in V8 in Google Chrome prior to […]

The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Radar/Dispossessor. The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by […]

LAS VEGAS —  SafeBreach Labs researcher Alon Leviev is calling urgent attention to major gaps in Microsoft’s Windows Update architecture, warning that malicious hackers can launch software downgrade attacks that make the term “fully patched” meaningless on any Windows machine in the world.  During a closely watched presentation at the Black Hat conference today in […]

A team of researchers from the Graz University of Technology in Austria has published a paper on SLUBStick, a new Linux kernel exploitation technique that can make heap vulnerabilities more dangerous. The researchers noted that while the number of Linux kernel flaws has significantly increased in the past years, many issues have limited impact. Software […]

Organizations worldwide are reporting major outages that appear to be caused by a bad update pushed out by cybersecurity giant CrowdStrike (NASDAQ: CRWD). CrowdStrike launched an investigation after receiving widespread reports of Windows hosts experiencing a Blue Screen of Death (BSOD). In the latest update provided at the time of writing the company said it’s in […]

Google on Tuesday announced security updates for Chrome 126 that address ten vulnerabilities, including eight high-severity bugs reported by external researchers. Despite Google’s efforts to eliminate memory safety bugs in Chrome, most of the externally reported security defects are memory issues that could potentially lead to a sandbox escape and remote code execution. The new […]

More than 310 gigabytes of data from spyware maker mSpy, including 2.4 million unique emails, was leaked online in June, and obtained by data breach notification site Have I Been Pwned. The data, reportedly leaked online by hacktivists, includes 142 Gb of user data such as email addresses, IP addresses, and names, obtained from support tickets filed […]

The New York Times reported on July 4, 2024, that OpenAI suffered an undisclosed breach in early 2023. The NYT notes that the attacker did not access the systems housing and building the AI, but did steal discussions from an employee forum. OpenAI did not publicly disclose the incident nor inform the FBI because, it claims, no […]