A recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices is already exploited in botnet attacks, the Shadowserver Foundation warns.

Tracked as CVE-2024-29973, the issue is described as a code injection flaw that can be exploited remotely without authentication. It was introduced last year, when Zyxel patched CVE-2023-27992, a similar code injection bug.

“While patching this vulnerability, they added a new endpoint which uses the same approach as the old ones, and while doing so, implemented the same mistakes as its predecessors,” explains Outpost24 security researcher Timothy Hjort, who discovered and reported the security defect.

A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.

The agency found no evidence that hackers exfiltrated information but noted the intrusion “may have resulted in the potential unauthorized access” to security plans, vulnerability assessments and user accounts within a national system to protect the chemicals sector.

A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.

Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama.

Rapid7 observed a recent malvertising campaign luring users to download malicious installers for popular software like Google Chrome and Microsoft Teams.

Discover how RansomHub's ransomware-as-a-service targets Windows, Linux, and ESXi systems.

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

A cyber attacker compromised Indonesia's national data centre, disrupting immigration checks at airports, and asked for an $8 million ransom, the country's communications minister told Reuters on Monday.
The attack disrupted several government services, most notably at airports last week, with long lines forming at immigration desks. Automated passport machines were now functioning, the communications ministry said.

Personal information, including partial payment details, may have been obtained by bad actors during an automated credential-stuffing attack on Levi’s online store.

The maker of the famous Levi’s denim jeans reported that over 72,000 accounts were affected during a “security incident” that was detected on July 13th.

The Spanish banking giant was one of the first organizations to report a breach in the Snowflake incident, which is now known to have affected about 165 organizations.

Discover how this healthcare breach unfolds and learn crucial defense strategies. Dive into our expert analysis for actionable insights.

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.

Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources.

However, with its widespread adoption and open environment comes the risk of malicious activity. Android malware, a malicious software designed to target Android devices, poses a significant threat to users’ privacy, security, and data integrity. These malicious programs come in various forms, including viruses, Trojans, ransomware, spyware, and adware, and they can infiltrate devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even system vulnerabilities.

Discover critical vulnerabilities in Mailcow server software allowing remote code execution and XSS attacks.

National Crime Agency may take retaliatory measures after Qilin gang steals data covering 300m patient interactions

Notorious threat actor IntelBroker is claiming to have © data from Apple and AMD

At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches.

As the code comprehension and general reasoning ability of Large Language Models (LLMs) has improved, we have been exploring how these models can reproduce the systematic approach of a human security researcher when identifying and demonstrating security vulnerabilities. We hope that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities.

Cybercriminals behind attacks disrupting at least five London hospitals leaked nearly 400 gigabytes of data, which reportedly included blood test information.

Qilin ransomware started leaking data stolen from England National Health Service (NHS) partner Synnovis labs. According to reports from the BBC, the data includes patient names, dates of birth, NHS numbers, descriptions of blood tests, and other information.

An alert from France's ANSSI confirms several incidents that had previously been publicly reported and attributed to the Kremlin-backed hacking group that the French agency tracks as Nobelium.