#exploits tag - Briefly

Russian government hackers found using exploits made by spyware companies NSO and Intellexa | TechCrunch

Russian hackers are using exploits linked to spyware firms, indicating threats from powerful cyber tools can trickle down to dangerous actors.

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Commercial surveillance vendors' exploits pose a global risk as they can be exploited by malicious actors despite initial claims of lawful use.

Russian government hackers found using exploits made by spyware companies NSO and Intellexa | TechCrunch

Russian hackers are using exploits linked to spyware firms, indicating threats from powerful cyber tools can trickle down to dangerous actors.

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Commercial surveillance vendors' exploits pose a global risk as they can be exploited by malicious actors despite initial claims of lawful use.

morespyware

#cybersecurity

Back to the future: Windows Update is now a trojan horse for hackers

A vulnerability in Windows Update can make fully patched machines vulnerable to past exploits.

Cloudflare reports almost 7% of internet traffic is malicious

6.8% of internet traffic is malicious, driven by wars, elections, and new vulnerabilities.

Speed at which new vulnerabilities are exploited is alarming, attackers targeting old vulnerabilities first.

DDoS attacks are cybercriminals' preferred weapon, with increasing sophistication and volume.

Windows admin-to-kernel exploit went unpatched for 6 months

Researchers notified Microsoft of a rootkit vulnerability in Windows, but the patch took six months to be released.

A serious admin-to-kernel exploit in a driver associated with AppLocker was reported, allowing an attacker to control the kernel function.

Three-year-old Apache Flink flaw now under active attack

Apache Flink CVE-2020-17519 allows unauthorized reading of local files, exploited in the wild, prompting urgent patches and checks for compromises.

Back to the future: Windows Update is now a trojan horse for hackers

A vulnerability in Windows Update can make fully patched machines vulnerable to past exploits.

Cloudflare reports almost 7% of internet traffic is malicious

6.8% of internet traffic is malicious, driven by wars, elections, and new vulnerabilities.

Speed at which new vulnerabilities are exploited is alarming, attackers targeting old vulnerabilities first.

DDoS attacks are cybercriminals' preferred weapon, with increasing sophistication and volume.

Windows admin-to-kernel exploit went unpatched for 6 months

Researchers notified Microsoft of a rootkit vulnerability in Windows, but the patch took six months to be released.

A serious admin-to-kernel exploit in a driver associated with AppLocker was reported, allowing an attacker to control the kernel function.

Three-year-old Apache Flink flaw now under active attack

Apache Flink CVE-2020-17519 allows unauthorized reading of local files, exploited in the wild, prompting urgent patches and checks for compromises.

morecybersecurity

#microsoft

Microsoft squashes security bugs under active exploitation

Microsoft fixed 73 security holes in February's Patch Tuesday, including two vulnerabilities that are actively being exploited.

One of the vulnerabilities allows for a bypass of security checks when a user clicks on a maliciously crafted shortcut file, while the other vulnerability allows for a bypass of Windows SmartScreen checks.

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft disclosed and patched 60 Windows CVEs, including two widely exploited ones: CVE-2024-30051 and CVE-2024-30040 with significant CVSS ratings.

Microsoft security bypass bug said to be under exploit

Microsoft fixed 149 security flaws on Patch Tuesday.

A vulnerability, CVE-2024-26234, was actively exploited with a backdoor in Windows.

Microsoft squashes security bugs under active exploitation

Microsoft fixed 73 security holes in February's Patch Tuesday, including two vulnerabilities that are actively being exploited.

One of the vulnerabilities allows for a bypass of security checks when a user clicks on a maliciously crafted shortcut file, while the other vulnerability allows for a bypass of Windows SmartScreen checks.

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft disclosed and patched 60 Windows CVEs, including two widely exploited ones: CVE-2024-30051 and CVE-2024-30040 with significant CVSS ratings.

Microsoft security bypass bug said to be under exploit

Microsoft fixed 149 security flaws on Patch Tuesday.

A vulnerability, CVE-2024-26234, was actively exploited with a backdoor in Windows.

moremicrosoft

Google patches its fifth zero-day vulnerability of the year in Chrome

Google has patched a high-severity zero-day vulnerability in Chrome, marking the fifth update this year to protect against malicious exploits.

CISA expects devs to squash old directory traversal bugs

CISA urges software industry to address directory traversal vulnerabilities.

AI's use as a hacking tool has been overhyped

The study found that GPT-4 was the only model able to write viable exploits for a range of vulnerabilities.

Rapid7 flames JetBrains over vulnerability disclosure

Rapid7 criticizes JetBrains for silent patching

Importance of transparency in vulnerability disclosure

Exploiting critical ConnectWise bug is 'embarrassingly easy'

ConnectWise ScreenConnect vulnerability requires urgent patch due to its severity rating, including RCE and path traversal flaws.

Researchers quickly developed working exploits, emphasizing the ease and severity of the vulnerabilities.

Suicide Squad: Kill The Justice League Update Extinguishes Infinite Burning Damage Exploit

Bug fixes address exploitable holes in Suicide Squad: Kill the Justice League game, including a bug with Burning damage that allowed for exponentially stacked elemental effect.

Rocksteady plans to introduce a new leaderboard and anticipates that players will discover other game-breaking builds in the future.

#exploits
#exploits

Zero Day Initiative - Pwn2Own Automotive 2025 - Day Three and Final Results

There's Something Very Sketchy About Elon Musk's Diablo IV Build

CoD: Black Ops 6 Player Hit Prestige Level 1,000 Using Zombies Exploit, Rewards Revealed

There's Something Very Sketchy About Elon Musk's Diablo IV Build

CoD: Black Ops 6 Player Hit Prestige Level 1,000 Using Zombies Exploit, Rewards Revealed

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

Russian government hackers found using exploits made by spyware companies NSO and Intellexa | TechCrunch

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Russian government hackers found using exploits made by spyware companies NSO and Intellexa | TechCrunch

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Back to the future: Windows Update is now a trojan horse for hackers

Cloudflare reports almost 7% of internet traffic is malicious

Windows admin-to-kernel exploit went unpatched for 6 months

Three-year-old Apache Flink flaw now under active attack

Back to the future: Windows Update is now a trojan horse for hackers

Cloudflare reports almost 7% of internet traffic is malicious

Windows admin-to-kernel exploit went unpatched for 6 months

Three-year-old Apache Flink flaw now under active attack

Microsoft squashes security bugs under active exploitation

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft security bypass bug said to be under exploit

Microsoft squashes security bugs under active exploitation

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft security bypass bug said to be under exploit

Google patches its fifth zero-day vulnerability of the year in Chrome

CISA expects devs to squash old directory traversal bugs

AI's use as a hacking tool has been overhyped

Rapid7 flames JetBrains over vulnerability disclosure

Exploiting critical ConnectWise bug is 'embarrassingly easy'

Suicide Squad: Kill The Justice League Update Extinguishes Infinite Burning Damage Exploit

#exploits#exploits

Zero Day Initiative - Pwn2Own Automotive 2025 - Day Three and Final Results

There's Something Very Sketchy About Elon Musk's Diablo IV Build

CoD: Black Ops 6 Player Hit Prestige Level 1,000 Using Zombies Exploit, Rewards Revealed

There's Something Very Sketchy About Elon Musk's Diablo IV Build

CoD: Black Ops 6 Player Hit Prestige Level 1,000 Using Zombies Exploit, Rewards Revealed

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

Russian government hackers found using exploits made by spyware companies NSO and Intellexa | TechCrunch

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Russian government hackers found using exploits made by spyware companies NSO and Intellexa | TechCrunch

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Back to the future: Windows Update is now a trojan horse for hackers

Cloudflare reports almost 7% of internet traffic is malicious

Windows admin-to-kernel exploit went unpatched for 6 months

Three-year-old Apache Flink flaw now under active attack

Back to the future: Windows Update is now a trojan horse for hackers

Cloudflare reports almost 7% of internet traffic is malicious

Windows admin-to-kernel exploit went unpatched for 6 months

Three-year-old Apache Flink flaw now under active attack

Microsoft squashes security bugs under active exploitation

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft security bypass bug said to be under exploit

Microsoft squashes security bugs under active exploitation

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft security bypass bug said to be under exploit

Google patches its fifth zero-day vulnerability of the year in Chrome

CISA expects devs to squash old directory traversal bugs

AI's use as a hacking tool has been overhyped

Rapid7 flames JetBrains over vulnerability disclosure

Exploiting critical ConnectWise bug is 'embarrassingly easy'

Suicide Squad: Kill The Justice League Update Extinguishes Infinite Burning Damage Exploit

#exploits
#exploits