While many expected — or at least hoped — that the 4th of July would be quiet on the cybersecurity front, Google on Monday announced the release of an emergency Chrome update that patches an actively exploited zero-day vulnerability.The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to G

Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022."Google is aware that an exploit for CVE-2022-2294 exists in the wild.," the browser vendor explained in a security advisory published on Monday.The 103.0.5060.1

ul.lst-kix_68660h7uawx-0{list-style-type:none}ul.lst-kix_68660h7uawx-1{list-style-type:none}ul.lst-kix_68660h7uawx-2{list-style-type:none}ul.lst-kix_68660h7uawx-3{list-style-type:none}ul.lst-kix_68660h7uawx-4{list-style-type:none}ul.lst-kix_68660h7uawx-5{list-style-type:none}ul.lst-kix_68660h7uawx-6{list-style-type:none}.lst-kix_68660h7uawx-7>li:before{conte

Google Project Zero states that in H1 2022 at least half of zero-day issues exploited in attacks were related to not properly fixed old flaws. Google Project Zero researcher Maddie Stone published a blog post that resumes her speech at the FIRST conference in June 2022, the presentation is titled “0-day In-the-Wild Exploitation in 2022…so far“. S

Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical vulnerability, tracked as CVE-2022-28219 (CVSS 9.8 out of 10), in the Zoho ManageEngine ADAudit Pl

Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory.The vulnerability allows an unauthenticated attacker to execute code remotely and compromise Active Directory accounts. It comes with

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May 2022 updates.The flaw is an actively exploited Windows LSA (Local Security Authority) spoofing vulnerability tracked as CVE-2022-26925 and confir

A Remote Access Trojan (RAT) is a type of malware that provides the attacker with full remote control over your system. When a RAT reaches your computer, it allows the hacker to easily access your local files, secure login authorization, and other sensitive information, or use that connection to download viruses you could unintentionally pass on to others.Wh

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild.The security flaw, identified as CVE-2021-4034, was found in the Polkit's pkexec component used by all major distributions (including Ubuntu, Debian, Fedora, and CentOS).PwnKit is a memory corrupt

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks.The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by

Hi FullDisclosure,I would like to publish an exploit that I found on AnyDesk as follows.# Exploit Title: AnyDesk allow arbitrary file write by symbolic linkattack lead to denial-of-service attack on local machine# Google Dork: [if applicable]# Date: 24/5/2022# Exploit Author: Erwin Chan# Vendor Homepage: https://anydesk.com/en# Software Link: https://anydesk

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn’t gone away. It’s being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerability in something called Log4j. This open s

A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by

Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerabili

Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.The discovery is added confirmation that ransomware criminals are increasingly investing in zero-day exploits for use in data-extortion attacks and that poorly configured network devices present a