#exploits

#vulnerabilities
Theregister
1 month ago
Information security

Three-year-old Apache Flink flaw now under active attack

Apache Flink CVE-2020-17519 allows unauthorized reading of local files, exploited in the wild, prompting urgent patches and checks for compromises.
ITPro
2 months ago
Data science

AI's use as a hacking tool has been overhyped

The study found that GPT-4 was the only model able to write viable exploits for a range of vulnerabilities.
Theregister
2 months ago
Information security

Microsoft security bypass bug said to be under exploit

Microsoft fixed 149 security flaws on Patch Tuesday.
A vulnerability, CVE-2024-26234, was actively exploited with a backdoor in Windows.
Theregister
3 months ago
Information security

Windows admin-to-kernel exploit went unpatched for 6 months

Researchers notified Microsoft of a rootkit vulnerability in Windows, but the patch took six months to be released.
A serious admin-to-kernel exploit in a driver associated with AppLocker was reported, allowing an attacker to control the kernel function.
Theregister
4 months ago
Information security

Microsoft squashes security bugs under active exploitation

Microsoft fixed 73 security holes in February's Patch Tuesday, including two vulnerabilities that are actively being exploited.
One of the vulnerabilities allows for a bypass of security checks when a user clicks on a maliciously crafted shortcut file, while the other vulnerability allows for a bypass of Windows SmartScreen checks.
Theregister
7 months ago
Information security

Microsoft fixes security holes including 3 already exploited

Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities, including three that have already been exploited in the wild.
The vulnerabilities include a Windows Desktop Manager elevation-of-privilege vulnerability, a privilege-escalation vulnerability in Windows Cloud Files Mini Filter Driver, and a vulnerability that allows bypassing Windows Defender SmartScreen.
These vulnerabilities are likely being exploited in conjunction with code execution bugs and users are advised to update quickly.
More vulnerabilities
Theregister
1 month ago
Information security

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft disclosed and patched 60 Windows CVEs, including two widely exploited ones: CVE-2024-30051 and CVE-2024-30040 with significant CVSS ratings.
Ars Technica
1 month ago
Information security

Google patches its fifth zero-day vulnerability of the year in Chrome

Google has patched a high-severity zero-day vulnerability in Chrome, marking the fifth update this year to protect against malicious exploits.
Theregister
1 month ago
Information security

CISA expects devs to squash old directory traversal bugs

CISA urges software industry to address directory traversal vulnerabilities.
Theregister
3 months ago
Information security

Rapid7 flames JetBrains over vulnerability disclosure

Rapid7 criticizes JetBrains for silent patching
Importance of transparency in vulnerability disclosure
Theregister
4 months ago
Information security

Exploiting critical ConnectWise bug is 'embarrassingly easy'

ConnectWise ScreenConnect vulnerability requires urgent patch due to its severity rating, including RCE and path traversal flaws.
Researchers quickly developed working exploits, emphasizing the ease and severity of the vulnerabilities.
GameSpot
4 months ago
Video games

Suicide Squad: Kill The Justice League Update Extinguishes Infinite Burning Damage Exploit

Bug fixes address exploitable holes in Suicide Squad: Kill the Justice League game, including a bug with Burning damage that allowed for exponentially stacked elemental effect.
Rocksteady plans to introduce a new leaderboard and anticipates that players will discover other game-breaking builds in the future.