Very swiftly after their disclosure, Citrix has issued patches for two vulnerabilities in its Citrix Virtual Apps and Desktop technology that allow a remote attacker escalate privileges or execute code of their choice on vulnerable systems. Citrix… Article Source https://www.darkreading.com/cloud-security/citrix-patches-zero-day-recording-manager-bugs
An unpatched zero-day vulnerability in Citrix’s Session Recording Manager allows unauthenticated remote code execution (RCE, paving the way for data theft, lateral movement, and desktop takeover. According to watchTowr research out today, the… Article Source https://www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce
A new zero-day vulnerability in Citrix’s Session Recording Manager can be exploited to enable unauthenticated remote code execution (RCE) against Citrix Virtual Apps and Desktops, according to watchTowr. The attack surface management provider… Article Source https://www.infosecurity-magazine.com/news/new-citrix-zeroday-vulnerability/
Google has announced patches for several high severity vulnerabilities. In total, 51 vulnerabilities have been patched in November’s updates, two of which are under limited, active exploitation by cybercriminals. If your Android phone… Article Source https://www.malwarebytes.com/blog/news/2024/11/update-your-android-google-patches-two-zero-day-vulnerabilities
Nov 04, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep… Article Source https://thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html
Aug 22, 2024Ravie LakshmananNetwork Security / Zero-Day Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the… Article Source https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13,… Article Source https://www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
A zero-day vulnerability, tracked as CVE-2024-44068, has been discovered in Samsung’s mobile processors and is being used in an exploit chain for arbitrary code execution. The vulnerability was given a critical CVSS score of 8.1 out of 10 and was… Article Source https://www.darkreading.com/endpoint-security/samsung-zero-day-vuln-under-active-exploit-google-warns
Google Warns of Samsung Zero-Day Exploited in the Wild SecurityWeek Article Source https://www.securityweek.com/google-warns-of-samsung-zero-day-exploited-in-the-wild/
A cyberespionage group called “Velvet Ant,” believed to be aligned with China, recently exploited a zero-day vulnerability in Cisco Nexus devices. This flaw, identified as CVE-2024-20399, allows an attacker to execute arbitrary commands as root on the affected device. According to Sygnia researchers, this exploit led to the deployment of custom malware that enabled remote … Read more