Year: 2024

A team of researchers from the Graz University of Technology in Austria has published a paper on SLUBStick, a new Linux kernel exploitation technique that can make heap vulnerabilities more dangerous. The researchers noted that while the number of Linux kernel flaws has significantly increased in the past years, many issues have limited impact. Software […]

Organizations worldwide are reporting major outages that appear to be caused by a bad update pushed out by cybersecurity giant CrowdStrike (NASDAQ: CRWD). CrowdStrike launched an investigation after receiving widespread reports of Windows hosts experiencing a Blue Screen of Death (BSOD). In the latest update provided at the time of writing the company said it’s in […]

Google on Tuesday announced security updates for Chrome 126 that address ten vulnerabilities, including eight high-severity bugs reported by external researchers. Despite Google’s efforts to eliminate memory safety bugs in Chrome, most of the externally reported security defects are memory issues that could potentially lead to a sandbox escape and remote code execution. The new […]

More than 310 gigabytes of data from spyware maker mSpy, including 2.4 million unique emails, was leaked online in June, and obtained by data breach notification site Have I Been Pwned. The data, reportedly leaked online by hacktivists, includes 142 Gb of user data such as email addresses, IP addresses, and names, obtained from support tickets filed […]

The New York Times reported on July 4, 2024, that OpenAI suffered an undisclosed breach in early 2023. The NYT notes that the attacker did not access the systems housing and building the AI, but did steal discussions from an employee forum. OpenAI did not publicly disclose the incident nor inform the FBI because, it claims, no […]

Shockwaves from the Russian government’s hack of Microsoft’s corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers. The mega-breach, which led to a US government investigation and a massive overhaul of Microsoft’s security practices, was previously known to expose Microsoft source code […]

The US subsidiary of Spain-based bank Santander is notifying more than 12,000 employees that their personal information was compromised in a third-party data breach. The incident was identified on May 10, and involved a third-party database used by an affiliate between late April and early May 2024, the bank said in a notification letter to […]

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary’s exclusive use of a malware called DISGOMOJI that’s written in Golang and is designed to infect Linux systems. “It is a modified […]