Google Chrome Zero-day Vulnerability, Eighth this year (CVE-2024-5274)

Another vulnerability in Chrome is being exploited in the wild. Tracked as CVE-2024-5274, this is a type confusion vulnerability in V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security have discovered and reported the vulnerability.

Another Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4947)

Google released a security advisory for the second time this week to address a vulnerability known to be exploited in the wild. In this update, Google addressed nine security vulnerabilities, one of which (CVE-2024-4947) is actively exploited.

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4761)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. Tracked as CVE-2024-4761, Google has given the vulnerability a high severity rating. The out-of-bounds write vulnerability impacts the V8 JavaScript engine. The engine executes JS code in the application.

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4671)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. Tracked as CVE-2024-4671, Google has given the vulnerability a high severity rating. The use-after-free vulnerability exists in the Visuals component. In the advisory, Google mentioned that they are aware of the active exploitation of the vulnerability.

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)

Cisco released software updates to address two actively exploited vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (CVE-2024-20353 & CVE-2024-20359). Successful exploitation of the vulnerabilities may result in remote code execution and denial of service (DoS) conditions. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, acknowledging … Continue reading “Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)”

PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)

Attackers are exploiting a command injection vulnerability in Palo Alto Networks PAN-OS software. Tracked as CVE-2024-3400, the vulnerability has been given a critical severity rating and a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code with root privileges on the firewall. The vulnerability exists in the … Continue reading “PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)”

FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)

Fortinet has addressed an out-of-bounds write vulnerability impacting FortiOS. Tracked as CVE-2024-21762, the vulnerability has a critical severity rating with a CVSS score 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. Fortinet quoted in the advisory that vulnerability is potentially exploited … Continue reading “FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)”

Google Patches Actively Exploited Zero-day Vulnerability Impacting Chrome Browser (CVE-2024-0519)

Google has released security updates to address four vulnerabilities impacting Chrome. One of the four vulnerabilities, CVE-2024-0519, is exploited in the wild. The vulnerability was reported anonymously to Google. CVE-2024-0519 is the first zero-day vulnerability addressed by Google this year. CVE-2024-0519 is a high-severity out-of-bounds memory access vulnerability in the V8 JavaScript and WebAssembly engines. … Continue reading “Google Patches Actively Exploited Zero-day Vulnerability Impacting Chrome Browser (CVE-2024-0519)”

Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities Exploited in the Wild (CVE-2023-6548 and CVE-2023-6549)

CVE-2023-6548 and CVE-2023-6549 are the two vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway. On successful exploitation, the vulnerabilities may result in remote code execution and denial of service. Citrix has mentioned in the advisory that they have observed the exploitation attempts on vulnerable appliances. Citrix stated in the advisory, “This bulletin only applies to … Continue reading “Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities Exploited in the Wild (CVE-2023-6548 and CVE-2023-6549)”

Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)

The security research team at Veloxity identified an active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to transmit malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. … Continue reading “Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)”