Zero-day Exploit
A Zoom zero-day exploit is up for sale for $500,000
Millions of people have moved onto the Zoom video-conferencing platform as the coronavirus pandemic has forced them to work from their homes. According to Zoom’s own statistics, its daily usage has soared ...
Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking
Editor’s Note: This post was updated Jan. 29 to include a statement from Marvell Wi-Fi chips used in several gaming consoles, Chromebooks, streaming boxes, routers and other types of devices have several ...
Windows VCF Zero-Day Exploit Allows Remote Code Execution
A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability ...
New Windows Zero-day Bug Allows Deleting Arbitrary Files
A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition ...
Researcher Drops Third Windows Zero-Day Exploit in Four Months
A security researcher who uses the online handle SandboxEscaper has published proof-of-concept exploit code for an unpatched vulnerability in Windows. The flaw is located in the “MsiAdvertiseProduct” function, which, according to Microsoft’s ...
North Korean APT Group Targets Academia via Malicious Chrome Extensions
Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails ...
Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
A security researcher disclosed a yet unpatched zero-day vulnerability in the popular VirtualBox virtualization software that can be exploited from a guest operating system to break out of the virtual machine and ...
Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say
The patch released by Microsoft last week for a zero-day flaw in the JET database engine is incomplete and does not fully address the issue, according to a vulnerability research firm. The ...
Zero-Day RCE Flaw Found in Microsoft JET Database Engine
Trend Micro’s Zero Day Initiative (ZDI) team has publicly disclosed a serious remote code execution vulnerability in the Microsoft JET Database engine which is used by several Microsoft products. ZDI decided to ...
Hackers Replace MEGA Chrome Extension with Trojanized Version
Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened ...