AI Discovers Critical Zero-Day Vulnerability in SQLite Through Google’s Big Sleep Framework

Overview of the Zero-Day Vulnerability Discovery November 4, 2024 – Google recently announced the discovery of a zero-day vulnerability in the popular SQLite open-source database, achieved through its AI-powered framework, Big Sleep, previously known as Project Naptime. This breakthrough marks a significant milestone, as Google claims it’s the first real-world vulnerability detected by an AI-driven […]

CrossBarking: New Attack Exploiting Opera’s Private API

Guardio researchers recently uncovered a new browser-based cyberattack, known as “CrossBarking,” that exploits private APIs within the Opera browser, revealing significant security vulnerabilities. Private APIs are typically designed to give web applications secure access to various browser functions—like storage, geolocation, or performance enhancement. Most APIs are publicly accessible and rigorously reviewed, but some browsers, like […]

New Malware Campaign: Malicious Code Spread via Fake CAPTCHA Attacks

Introduction: The Rise of CAPTCHA-Based Attacks Cyber threats grow more advanced every day. In a recent example, attackers are using fake CAPTCHA tests—a common tool to distinguish humans from bots—to distribute malware. By tricking users into clicking familiar buttons, cybercriminals spread malicious code. This article will explain how this attack works, who it targets, and […]

Comparison study of 10 leading pharma companies coming out in October

The goal of the data and cybersecurity exposure assessment to be published in October, 2022, by Cyber Intel Matrix, is to give an objective picture of current detected vulnerabilities, and through it a sectoral overview of typical vulnerabilities, weaknesses, and possible future threats. The study examines eight main perspectives of each company’s infrastructure: Account Takeover […]

Google, Mandiant say zero-day numbers reached all-time highs in 2021

Google and Mandiant released reports this week saying the number of disclosed and exploited zero-days reached record highs in 2021. Mandiant said it identified 80 zero-days exploited in the wild, more than double the record volume they saw in 2019. The term zero-day refers to newly-discovered vulnerabilities in which a vendor has zero days to […]

First phase of ‘Hack DHS’ finds over 120 vulnerabilities

Indianapolis – Circa August 2018: Logo and seal of the United States Department of Homeland Security. DHS runs Immigration and Customs Enforcement (ICE) The initial leg of the Homeland Security Department’s first-ever bug bounty program uncovered more than 120 cybersecurity vulnerabilities in some of its external systems, the agency announced on Friday. More than 450 […]

New Log4j attacks target SolarWinds, ZyXEL devices

Image: Possessed Photography // Unsplash Cybercriminals looking to capitalize on the Log4Shell vulnerability are attacking devices from SolarWinds and ZyXEL that are known to have used the Log4j library inside their software, according to two reports published on Wednesday by Microsoft and Akamai. The most urgent of these attacks are those spotted by Microsoft, which said it […]

New MoonBounce UEFI bootkit can’t be removed by replacing the hard drive

Security researchers from Kaspersky said on Thursday that they had discovered a novel bootkit that can infect a computer’s UEFI firmware. What makes MoonBounce—the name they gave the bootkit—special is the fact that the malware doesn’t burrow and hide inside a section of the hard drive named ESP (EFI System Partition), where some UEFI code typically […]

Israel police uses NSO’s Pegasus to spy on citizens

Mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, and former governmental employees, were among those tracked by police without a search or bugging warrant authorizing the surveillance Israel police uses NSO’s Pegasus spyware to remotely hack phones of Israeli citizens, control them and extract information from them, Calcalist has revealed. Among those […]

Crypto.com Says ‘Incident’ Was Actually $30 Million Hack

The cryptocurrency platform initially called the hack “an incident.” Photograph: YinYang/Getty Images Crypto.com, one of the largest cryptocurrency exchanges in the world, confirmed that its users got hacked and that the hackers withdrew more than $30 million in cryptocurrency from the wallets of 483 users. The admission comes after the company initially downplayed the hack, […]