Vulnerabilities and exploits

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

August 31, 2024

On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as...

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

August 9, 2024

Microsoft researchers recently identified multiple medium severity vulnerabilities in OpenVPN, an open-source project with binaries integrated into routers, firmware, PCs,...

Vulnerabilities in PanelView Plus devices could lead to remote code execution

July 3, 2024

Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers,...

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

May 2, 2024

Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite...

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server

March 11, 2024

Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix...

Vulnerabilities and exploits

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Vulnerabilities in PanelView Plus devices could lead to remote code execution

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server

[ABYSS] – Ransomware Victim: bataviacontainer[.]com

CVE Alert: CVE-2024-39804

CVE Alert: CVE-2024-41145

CVE Alert: CVE-2022-40732

CVE Alert: CVE-2024-41138

You may have missed