Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking

Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking

Editor’s Note: This post was updated Jan. 29 to include a statement from Marvell Wi-Fi chips used in several gaming consoles, Chromebooks, streaming boxes, routers and other types of devices have several ...
Security Boulevard
Windows VCF Zero-Day Exploit Allows Remote Code Execution

Windows VCF Zero-Day Exploit Allows Remote Code Execution

A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability ...
Security Boulevard
Microsoft’s Johnson: Data Breach Disclosures

New Windows Zero-day Bug Allows Deleting Arbitrary Files

A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition ...
Security Boulevard
Fileless Malware Rapid Expansion

Researcher Drops Third Windows Zero-Day Exploit in Four Months

A security researcher who uses the online handle SandboxEscaper has published proof-of-concept exploit code for an unpatched vulnerability in Windows. The flaw is located in the “MsiAdvertiseProduct” function, which, according to Microsoft’s ...
Security Boulevard
Best Practices for Data Security

New Windows Zero-Day Flaw Dropped on Twitter

A new vulnerability affecting Windows 10 has been disclosed on Twitter before being patched and it allows attackers to delete system files or to replace sensitive libraries. The vulnerability is located in ...
Security Boulevard
China Gifts African Union

Hackers Replace MEGA Chrome Extension with Trojanized Version

Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened ...
Security Boulevard
Npm Update Crashes Linux Systems

Someone Dropped a Windows Zero-Day Exploit on GitHub

A previously unknown vulnerability that allows attackers to obtain SYSTEM privileges on Windows computers has been publicly disclosed. Someone with the username SandboxEscaper posted a link to a proof-of-concept exploit on Twitter ...
Security Boulevard
Windows Zero-Day Vulnerability Comes With PoC on GitHub

Windows Zero-Day Vulnerability Comes With PoC on GitHub

A new zero-day vulnerability was recently made public following a Tweet from @SandboxEscaper, who claimed to be frustrated with Microsoft and, apparently, their bug submission process. The tweet included a link to ...