ZeroDay – Page 2 – OWASP Jakarta

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution Aug 06, 2024Ravie LakshmananEnterprise Security / Vulnerability A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on Read more

By adminowasp, 12 months ago

News

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did Read more

By adminowasp, 1 year ago

News

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 Read more

By adminowasp, 1 year ago

News

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products – Bifrost GPU Kernel Driver (all versions Read more

By adminowasp, 1 year ago

News

Check Point Warns of Zero-Day Attacks on its VPN Gateway Products

Check Point Warns of Zero-Day Attacks on its VPN Gateway Products Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Read more

By adminowasp, 1 year ago

News

Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024

Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024 Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 Read more

By adminowasp, 1 year ago

News

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and Read more

By adminowasp, 1 year ago

News

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. Read more

By adminowasp, 1 year ago

News

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was Read more

By adminowasp, 1 year ago

News

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated state-sponsored actor Read more

By adminowasp, 1 year ago