-
![]()
Microsoft’s May 2023 Security Patch Addresses Critical Vulnerabilities, With Several Rated “Exploitation More Likely”
Microsoft has released its monthly security patch for May 2023, addressing several critical vulnerabilities across its products. Among the 40 vulnerabilities addressed in this update, some have been classified as “Exploitation More Likely” due to the higher possibility of being targeted by cybercriminals. This article will focus on these high-risk vulnerabilities and provide a summary…
-
![]()
WASM Vulnerability in Trust Wallet Leads to $170,000 Loss
Trust Wallet, a leading cryptocurrency wallet provider, has publicly disclosed details regarding a WebAssembly (WASM) vulnerability that affected its open-source library, Wallet Core. The vulnerability, which specifically impacted wallets created in Trust Wallet’s Browser Extension between November 14 and 23, 2022, was detected and patched within one day of its discovery in November 2022. The…
-
![]()
Google Chrome Releases Patch to Address Another Zero-Day Vulnerability
Google has announced an update to the stable and extended stable channels of its Chrome browser for desktop. The update includes version 112.0.5615.137/138 for Windows, 112.0.5615.137 for Mac, and 112.0.5615.165 for Linux. The rollout of these updates is expected to occur over the coming days and weeks, as noted in the official Chrome Releases blog…
-
![]()
Google Chrome Update Patches High-Severity Zero-Day Exploit: CVE-2023-2033
Google has released an important update for its Chrome browser to address a high-severity security vulnerability known as type confusion in the browser’s V8 engine. The flaw, designated as CVE-2023-2033, affected versions of Google Chrome prior to the latest release, version 112.0.5615.121. The vulnerability was described by the National Institute of Standards and Technology (NIST)…
-
![]()
Critical Exploitation Path Uncovered in Microsoft Azure Shared Key Authorization by Orca Security Researchers
Researchers at Orca Security have uncovered a critical exploitation path involving Microsoft Azure Shared Key authorization, which could lead to subscription privilege escalation and remote code execution (RCE). In a blog post published on April 11, 2023, Orca Security detailed their discovery and the potential impact it may have on organizations utilizing Microsoft Azure’s cloud…
-
![]()
Cisco Patches Critical Command Injection Vulnerabilities in Key Network Products
On April 5, 2023, Cisco issued an urgent security advisory to address multiple command injection vulnerabilities identified in several of its key products: the Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. These vulnerabilities could be exploited by an authenticated, local attacker to bypass the restricted shell and…
-
![]()
Apple Issues Urgent Update to Fix Actively Exploited iOS Zero-Days
Cupertino, California – Apple has urgently released a major security update to address two zero-day vulnerabilities that were already being exploited in the wild. The company announced the rollout of the iOS 16.4.1 and iPadOS 16.4.1 updates, which include fixes for software flaws that could have exposed iPhone and iPad users to arbitrary code execution…
-
![]()
Millions of WordPress Sites at Risk from Active Exploitation of Elementor Pro Vulnerability
Cybercriminals are taking advantage of a critical vulnerability in the Elementor Pro plugin used with WordPress, granting them the ability to seize control of sites that utilize WooCommerce. The security flaw, identified by cybersecurity experts Jerome Bruandet from NinTechNet, permits assailants to run any code they choose on the affected system. According to Jerome’s blog,…
-
![]()
SafeMoon Suffers Major Loss in Security Exploit
In a major setback for the popular DeFi protocol, SafeMoon, the platform has suffered an exploit that resulted in the loss of approximately 8.9 million tokens from its liquidity pool. The attack, which took place on March 28th, 2023, was carried out by exploiting the token burn mechanism, causing the funds to be lost. According…
-
![]()
OpenAI’s ChatGPT suffers security breach through open-source library bug
OpenAI, the organization behind the popular chatbot ChatGPT, has confirmed a data breach that exposed users’ personal information. The breach was caused by a bug in an open-source library called Redis-py, introduced by OpenAI on March 20. As a consequence, users were able to access chat data that did not belong to them, and sensitive…
