Vulnerabilities

Google Releases Emergency Update Patching Exploited Bugs

An emergency update for the Chrome web browser fixing two zero-day vulnerabilities has been released. The vulnerabilities are tracked as CVE-2021-38000 and CVE-2021-38003 and relate to insufficient validation of untrusted input in a feature called Intents and an inappropriate implementation in the V8 JavaScript and WebAssembly engine. This flaw was discovered and reported by Threat Analysis Group (TAG) […]

Squirrel Engine Bug Vulnerability Could Let Attackers Break Out Of Sandbox Restrictions

An out-of-bounds read vulnerability in the Squirrel programming language was discovered by researchers on August 20, 2021. It can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, it occurs when a game library

New 0-day Patches in Windows Now Available Update Your PCs

Security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software have been released. This patch would also fix an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take over vulnerable systems. The security flaws have been rated with two being Critical,

OpenSea Patches A Vulnerability That Could Have Enabled Hackers Drain Wallets Of Cryptocurrency

OpenSea has just patched a critical vulnerability that could have been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially crafted token in the form of a malicious NFT. When this malicious NFT is clicked, it results in a scenario whereby rogue transactions can be facilitated through a third-party wallet

Code Injection Flaw Discovered In Yamale Python Package

Yamale, the Python package that allows developers to validate YAML (a data serialization language often used for writing configuration files), has been found to have a high-severity code injection vulnerability that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating

Apache Releases Patches to a Zero-Day Exploit in the Wild

Apache has issued patches for two security vulnerabilities, one of which is tracked as CVE-2021-41773. This vulnerability affects only Apache HTTP Server version 2.4.49. Ash Daulton and the cPanel Security Team have been credited with discovering and reporting the issue on September 29, 2021. With this flaw, an attacker could use a path traversal attack to map URLs

A Current Flaw in Apple Pay is Enabling Attackers Perform Unauthorized Contactless Payments

An unpatched flaw in Apple Pay has been disclosed by cybersecurity researchers, giving attackers the ability to make an unauthorized Visa payment with a locked iPhone via the Express Travel mode set up in the device’s wallet. All that is needed is for the mobile phone to be on, and transactions could also be relayed from an

A vast number of Third-Party Cloud Containers possess popular vulnerabilities

Researchers have reported that a large amount of third-party code used in cloud infrastructure possesses vulnerabilities as well as insecure configurations. The security vendor’s Unit 42 Cloud Threat Report 2H 2021 used data from various public sources to better understand the threat from cloud software supply chains. Data from various public sources were used by

Chrome Releases Update Patching Actively Exploited Zero-Day Vulnerability

Google rolled out an emergency security patch to its Chrome web browser on the 24th of September, 2021, aimed at addressing a security flaw that’s known to have an exploit in the wild. The vulnerability is tracked as CVE-2021-37973 and described as a use-after-free in Portals API, a web page navigation system that enables
