Zimperium 4

All eyes on mobile

Of all the data points contained in Zimperium’s recently released 2022 Global Mobile Threat Report, perhaps the most shocking is the spike in known cases of zero-day exploits being used in attacks ...
web application security banner

The Truth About Zero-day Vulnerabilities in Web Application Security

Zero-Day Vulnerabilities are highly valued in legitimate bug bounty programs and have earned bounties of up to USD 2 million. Since no patches or fixes exist, 0-day attacks/exploits are highly. The post ...

A Zoom zero-day exploit is up for sale for $500,000

Millions of people have moved onto the Zoom video-conferencing platform as the coronavirus pandemic has forced them to work from their homes. According to Zoom’s own statistics, its daily usage has soared ...
hackers

Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking

Editor’s Note: This post was updated Jan. 29 to include a statement from Marvell Wi-Fi chips used in several gaming consoles, Chromebooks, streaming boxes, routers and other types of devices have several ...
Security Boulevard
Windows VCF Zero-Day Exploit Allows Remote Code Execution

Windows VCF Zero-Day Exploit Allows Remote Code Execution

A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability ...
Security Boulevard
encryption

New Windows Zero-day Bug Allows Deleting Arbitrary Files

A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition ...
Security Boulevard
GitHub storage data fileless malware Object

Researcher Drops Third Windows Zero-Day Exploit in Four Months

A security researcher who uses the online handle SandboxEscaper has published proof-of-concept exploit code for an unpatched vulnerability in Windows. The flaw is located in the “MsiAdvertiseProduct” function, which, according to Microsoft’s ...
Security Boulevard
North Korean APT Group Targets Academia via Malicious Chrome Extensions

North Korean APT Group Targets Academia via Malicious Chrome Extensions

Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails ...
Security Boulevard
Log4Shell Log4j U.S. cyber games fileless malware

Zero-Day Exploit Published for VM Escape Flaw in VirtualBox

A security researcher disclosed a yet unpatched zero-day vulnerability in the popular VirtualBox virtualization software that can be exploited from a guest operating system to break out of the virtual machine and ...
Security Boulevard
cyber attacks

Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say

The patch released by Microsoft last week for a zero-day flaw in the JET database engine is incomplete and does not fully address the issue, according to a vulnerability research firm. The ...
Security Boulevard