Moving Beyond CVSS Scores for Vulnerability Prioritization

Since 2016, new vulnerabilities reported each year have nearly tripled. With the increasing number of discovered vulnerabilities, organizations need to prioritize which of them need immediate attention. However, the task of prioritizing ...

The Dangerous Numbers Behind Supply Chain Attacks

Supply chain attacks have witnessed a staggering surge in recent years, morphing into a formidable threat in the cyber landscape. When businesses are increasingly reliant on third-party software and open-source components, supply ...

Security flaws in an SSO plugin for Caddy

By Maciej Domanski, Travis Peters, and David Pokora
We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...

Zero Day Summer is No Vacation

"Zero-day Summer" refers to the period during summertime when cybercriminals take advantage of the vulnerabilities in software, applications, and computer systems that remain undetected and unpatched by security teams ...
Detecting the MOVEit Zero-Day: How MixMode AI Stays Ahead of Threats

We discuss a real-life example of a zero-day exploit, focusing on the MOVEit Transfer Software, and how MixMode can detect and mitigate such threats before they become widespread ...

Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of ...
Practical Exploitation of Math.random on V8

Escaping misconfigured VSCode extensions

By Vasco Franco
TL;DR: This two-part blog series will cover how I found and disclosed three vulnerabilities in VSCode extensions and one vulnerability in VSCode itself (a security mitigation bypass assigned CVE-2022-41042 ...

Readline crime: exploiting a SUID logic bug

By roddux // Rory M
I discovered a logic bug in the readline dependency that partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow attackers ...

Spyware Vendor’s Heliconia Framework Exploits Browser Vulnerabilities

A company in Barcelona that purports to offer custom security solutions is tied to exploitation frameworks that can deploy spyware. Variston IT’s “Heliconia” framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft ...

Zoom Exploit on MacOS

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or ...

Secure Guardrails