961 Results for:CVE

  • Sort by: 

Google, Microsoft and Mozilla push browser updates to foil zero-day

By Alex Scroxton 14 Sep 2023

A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers Read More

Open source alert over intentionally placed backdoor

By Alex Scroxton 01 Apr 2024

A backdoor in the open source XZ Utils data compression library could have led to widespread compromise across the Linux ecosystem - and the community is on the trail of a developer who seems to be behind it Read More

Kaspersky opens up over spyware campaign targeting its staffers

By Alex Scroxton 24 Oct 2023

Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Read More

Ransomware attack on major Chinese lender disrupts financial markets

By Alex Scroxton 10 Nov 2023

The financial services arm of one of the world’s largest banks was taken offline by a supposed LockBit ransomware attack, causing problems for US markets Read More

April Patch Tuesday fixes zero-day used to deliver ransomware

By Alex Scroxton 12 Apr 2023

A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Read More

Thousands at risk from critical RCE bug in legacy MS service

By Alex Scroxton 13 Apr 2023

Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running Read More

Zero-day vulnerability in MoveIt Transfer under attack

By Rob Wright 01 Jun 2023

Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched. Read More

AWS fixes 'FlowFixation' vulnerability for account hijacking

By Alexander Culafi 21 Mar 2024

A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking. Read More

Apple patches zero days used in spyware attacks on Kaspersky

By Arielle Waldman 22 Jun 2023

Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees. Read More

Russia-based actor exploited unpatched Office zero day

By Arielle Waldman 12 Jul 2023

Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe. Read More