-
Google has unveiled the latest version of its Chrome browser, Chrome 127, which is now available on the Stable channel. The update, identified as version 127.0.6533.72/73 for Windows and Mac, and 127.0.6533.72 for Linux, will be rolled out over the coming days and weeks. This release addresses 24 security vulnerabilities, enhancing the browserβs security and [β¦] The post Google Chrome 127 Released with a fix for 24 Security Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN. This flaw, identified as CVE-2024-40764, can potentially allow unauthenticated, remote attackers to cause a Denial of Service (DoS) condition. The vulnerability has been rated with a CVSS v3 score of 7.5, indicating a high severity level. CVE-2024-40764: Critical Vulnerability in SonicOS [β¦] The post SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
HTTP Request Smuggling is a flaw in web security that is derived from variations in the way different web servers or intermediaries, such as load balancers and proxies handle HTTP request sequences. By creating malicious HTTP requests that exploit these inconsistencies, an attacker can control the order in which requests are processed, possibly resulting in [β¦] The post New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Hackers remotely execute malicious code on a compromised device or server by exploiting the Universal Code Execution vulnerability. Through this vulnerability, threat actors can inject codes into server-side interpreter languages such as Java, Python, and PHP. Hacking into this security flaw can steal information, divert money to other accounts, perform surveillance, and even severely affect [β¦] The post Universal Code Execution Vulnerability In Browsers Puts Millions Of Users At Risk appeared first on GBHackers on Security | #1 Globally Trusted…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A critical vulnerability has been discovered in the Ghostscript rendering platform, identified as CVE-2024-29510. This flaw, a format string vulnerability, affects versions up to 10.03.0 and allows attackers to bypass the -dSAFER sandbox, leading to remote code execution (RCE). This vulnerability has significant implications for web applications and services that utilize Ghostscript for document conversion [β¦] The post Ghostscript Rendering Platform Vulnerability Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A critical security vulnerability has been discovered in HCL Domino, a popular enterprise server software, that could potentially expose sensitive configuration information to remote unauthenticated attackers. This vulnerability, CVE-2024-23562, has raised concerns among cybersecurity experts and enterprises relying on HCL Domino for their operations. CVE-2024-23562 β Vulnerability Details CVE-2024-23562 vulnerability allows a remote, unauthenticated attacker [β¦] The post HCL Domino Vulnerability Let Attackers obtain Sensitive information appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A threat actor has claimed to have discovered a vulnerability that bypasses the two-factor authentication (2FA) on the HackerOne bug bounty platform. The claim was made public via a tweet from the account MonThreat, which is known for sharing cybersecurity-related information. This raises concerns about the security of one of the most trusted platforms for [β¦] The post Threat Actor Claiming 2FA Bypass Vulnerability in HackerOne Bug Bounty Platform appeared first on GBHackers on Security | #1 Globally Trusted Cyber…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A critical vulnerability has been discovered in the popular WordPress plugin βEmail Subscribers by Icegram Express β Email Marketing, Newsletters, Automation for WordPress & WooCommerce.β The flaw, identified as CVE-2024-6172, has been assigned a CVSS score of 9.8, indicating its severe impact. The vulnerability was publicly disclosed on July 1, 2024, and last updated on [β¦] The post Critical WordPress Plugin Flaw Exposes 90,000+ WordPress Sites appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Google has unveiled kvmCTF, a new vulnerability reward program (VRP) explicitly targeting the Kernel-based Virtual Machine (KVM) hypervisor. This initiative, first announced in October 2023, underscores Googleβs commitment to enhancing the security of foundational technologies like Linux and KVM, which are integral to many of its products, including Android and Google Cloud. KVM, a robust [β¦] The post Google to offer $250,000 for Full VM Escape Zero-day Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Water Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using PowerShell scripts.Β They use a multi-stage loading technique with a .Net Reactor protecting the payload to deploy the PureCrypter loader and XMRig miner, which makes it hard to analyze the code and implement defensive measures.Β Water Sigbin exploits [β¦] The post Water Sigbin Exploiting Oracle WebLogic Server Flaw appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
CYBERSECURITY / DEFENSE / INTELLIGENCE
