Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID “466192044.” Unlike other disclosures, Google has opted to keep information about the CVE […]
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. […] Read More
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the “invalid cast vulnerability” SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely […]
More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. […] Read More
So far the attacks, which compromise virtual network computing (VNC) connections in OT systems, have not been particularly destructive, but this could change as they evolve. Read More
A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. […] Read More
Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. […] Read More
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. […] Read More
Last year, Kubernetes fixed a command injection vulnerability in the Kubernetes NodeLogQuery feature (%%cve:2024-9042%%) [1]. To exploit the vulnerability, several conditions had to be met: The vulnerable node had to run Windows The attacker had to have permissions to read logs The NogeLogQuery feature had to be enabled (at least at the time, it was […]
Last year, Kubernetes fixed a command injection vulnerability in the Kubernetes NodeLogQuery feature (%%cve:2024-9042%%) [1]. To exploit the vulnerability, several conditions had to be met: The vulnerable node had to run Windows The attacker had to have permissions to read logs The NogeLogQuery feature had to be enabled (at least at the time, it was […]