Tag: Exploitation
-
Hacker News: U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, First-Ever Report
Source URL: https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/ Source: Hacker News Title: U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, First-Ever Report Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the U.S. government’s disclosure of zero-day vulnerabilities through its Vulnerabilities Equities Process (VEP) in 2023. It highlights a significant shift in the level of transparency around…
-
Alerts: CISA Adds One Known Exploited Vulnerability to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/05/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to…
-
Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability CVE-2018-19410 Paessler PRTG Network…
-
Schneier on Security: On Generative AI Security
Source URL: https://www.schneier.com/blog/archives/2025/02/on-generative-ai-security.html Source: Schneier on Security Title: On Generative AI Security Feedly Summary: Microsoft’s AI Red Team just published “Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is…
-
The Register: Poisoned Go programming language package lay undetected for 3 years
Source URL: https://www.theregister.com/2025/02/04/golang_supply_chain_attack/ Source: The Register Title: Poisoned Go programming language package lay undetected for 3 years Feedly Summary: Researcher says ecosystem’s auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.……
-
The Register: US accuses Canadian math prodigy of $65M crypto scheme
Source URL: https://www.theregister.com/2025/02/04/math_prodigy_crypto_scheme/ Source: The Register Title: US accuses Canadian math prodigy of $65M crypto scheme Feedly Summary: Suspect, still at large, said to back concept that ‘code is law’ New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using…