What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| SecurityAffairs | 2022-11-29 16:31:33 | CISA adds Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities Catalog | CISA added a critical flaw impacting Oracle Fusion Middleware, tracked as CVE-2021-35587, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability impacting Oracle Fusion Middleware, tracked as CVE-2021-35587 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. An unauthenticated attacker with network access via HTTP can exploit […] | Vulnerability | | ★★★ |
| SecurityAffairs | 2022-11-28 20:08:00 | A flaw in some Acer laptops can be used to bypass security features | ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops, the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as […] | Vulnerability | | ★★★ |
| SecurityAffairs | 2022-11-28 15:04:34 | Experts found a vulnerability in AWS AppSync | Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from […] | Vulnerability, Threat | | ★★ |
| SecurityAffairs | 2022-11-26 21:11:03 | Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches | The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] | Data Breach, Vulnerability, Threat | | ★★ |
| SecurityAffairs | 2022-11-25 13:50:56 | Google fixed the eighth actively exploited #Chrome #zeroday this year | Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4135, that is actively exploited. The CVE-2022-4135 vulnerability is a heap […] | Vulnerability | | |
| SecurityAffairs | 2022-11-21 21:19:22 | Expert published PoC exploit code for macOS sandbox escape flaw | A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC) code for a macOS sandbox escape vulnerability tracked as CVE-2022-26696 (CVSS score of 7.8). In a wrap-up published by Regula, the researcher observed that the problem is caused […] | Vulnerability | | |
| SecurityAffairs | 2022-11-18 21:35:51 | Atlassian fixed 2 critical flaws in Crowd and Bitbucket products | Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd Server and Data Center, and in the Bitbucket Server and Data Center, a self-managed solution that provides source code collaboration for professional teams. The vulnerability in […] | Vulnerability | | |
| SecurityAffairs | 2022-11-17 16:32:32 | Magento and Adobe Commerce websites under attack | Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands […] | Vulnerability | | |
| SecurityAffairs | 2022-11-15 22:23:01 | (Déjà vu) Experts found critical RCE in Spotify's Backstage | Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify's Backstage (CVSS Score of 9.8). Backstage is Spotify’s open-source platform for building developer portals, it's used by several organizations, including American Airlines, Netflix, Splunk, Fidelity Investments and Epic Games. […] | Vulnerability | | |
| SecurityAffairs | 2022-11-10 13:45:11 | A bug in ABB Totalflow flow computers exposed oil and gas companies to attack | A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil […] | Vulnerability | | ★★★★ |
| SecurityAffairs | 2022-11-08 21:52:41 | Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw | Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. The company addressed the following three vulnerabilities: “Note that only appliances that are operating […] | Vulnerability | | ★★★★ |
| SecurityAffairs | 2022-11-05 17:30:47 | Zero-day are exploited on a massive scale in increasingly shorter timeframes | Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide. The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of […] | Vulnerability, Threat | | |
| SecurityAffairs | 2022-11-04 06:13:36 | Cisco addressed several high-severity flaws in its products | Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 […] | Vulnerability | | |
| SecurityAffairs | 2022-11-03 08:04:49 | Fortinet fixed 16 vulnerabilities, 6 rated as high severity | Fortinet addressed 16 vulnerabilities in some of the company's products, six flaws received a 'high' severity rate. One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374, in Log pages of FortiADC. The root cause of the issue is an improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC. A […] | Vulnerability | | |
| SecurityAffairs | 2022-11-01 13:19:26 | Experts warn of critical RCE in ConnectWise Server Backup Solution | ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise, the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data. […] | Vulnerability | | |
| SecurityAffairs | 2022-11-01 09:46:44 | (Déjà vu) Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices | A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones. A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when […] | Vulnerability | | |
| SecurityAffairs | 2022-10-31 18:21:37 | Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch | An unofficial patch for an actively exploited flaw in Microsoft Windows that allows to bypass Mark-of-the-Web (MotW) protections. 0patch released an unofficial patch to address an actively exploited security vulnerability in Microsoft Windows that could allow bypassing Mark-of-the-Web (MotW) protections by using files signed with malformed signatures. The issue affects all supported and multiple legacy […] | Vulnerability | | |
| SecurityAffairs | 2022-10-31 12:11:03 | GitHub flaw could have allowed attackers to takeover repositories of other users | A critical flaw in the cloud-based repository hosting service GitHub could’ve allowed attackers to takeover other repositories. The cloud-based repository hosting service GitHub has addressed a vulnerability that could have been exploited by threat actors to takeover the repositories of other users. The vulnerability was discovered by Checkmarx that called the attack technique RepoJacking. The […] | Vulnerability, Threat | | |
| SecurityAffairs | 2022-10-28 13:00:33 | Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year | Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. The CVE-2022-3723 flaw is a type confusion issue that resides in the Chrome V8 Javascript engine. The flaw has been reported […] | Vulnerability | | |
| SecurityAffairs | 2022-10-27 13:38:51 | SiriSpy flaw allows eavesdropping on users' conversations with Siri | SiriSpy is a vulnerability affecting Apple iOS and macOS that allowed apps to eavesdrop on users’ conversations with Siri. SiriSpy is a now-patched vulnerability, tracked as CVE-2022-32946, in Apple’s iOS and macOS that could have potentially allowed any app with access to Bluetooth to eavesdrop on conversations with Siri and audio. “An app may be […] | Vulnerability | | |
| SecurityAffairs | 2022-10-26 23:00:48 | OpenSSL to fix the second critical flaw ever | The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project […] | Vulnerability | | |
| SecurityAffairs | 2022-10-26 07:36:50 | VMware fixes critical RCE in VMware Cloud Foundation | VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud Foundation. VMware Cloud Foundation™ is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, […] | Vulnerability | | ★★★★★ |
| SecurityAffairs | 2022-10-25 20:22:55 | Experts disclosed a 22-year-old bug in popular SQLite Database library | A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. The CVE-2022-35737 flaw is an integer overflow issue that impacts SQLite versions 1.0.12 through 3.39.1. The vulnerability was […] | Vulnerability | | |
| SecurityAffairs | 2022-10-24 21:09:12 | Apple fixed the ninth actively exploited zero-day this year | Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the year. Apple has addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2022-42827, is an out-of-bounds write issue that can be exploited by an attacker to […] | Vulnerability | | |
| SecurityAffairs | 2022-10-19 22:50:57 | Text4Shell, a remote code execution bug in Apache Commons Text library | Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […] | Vulnerability, Threat | | |
| SecurityAffairs | 2022-10-19 15:14:05 | Researchers share of FabriXss bug impacting Azure Fabric Explorer | Cybersecurity researchers published technical details about a now-patched FabriXss flaw that impacts Azure Fabric Explorer. Orca Security researchers have released technical details about a now-patched FabriXss vulnerability, tracked as CVE-2022-35829 (CVSS 6.2), that impacts Azure Fabric Explorer. An attacker can exploit the vulnerability to gain administrator privileges on the cluster. In order to exploit this flaw, an […] | Vulnerability | | |
| SecurityAffairs | 2022-10-18 12:27:39 | Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike | HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform. The company released an out-of-band security update to address the remote code […] | Vulnerability | | |
| SecurityAffairs | 2022-10-15 12:58:39 | Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS | Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker […] | Vulnerability | | |
| SecurityAffairs | 2022-10-14 09:37:35 | Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products | Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) in FortiGate firewalls and FortiProxy web proxies has been released online. The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from […] | Vulnerability | | |
| SecurityAffairs | 2022-10-10 20:47:43 | (Déjà vu) CVE-2022-40684 flaw in Fortinet products is being exploited in the wild | Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices. “An authentication bypass using an alternate […] | Vulnerability | | |
| SecurityAffairs | 2022-10-08 13:17:46 | Unpatched remote code execution flaw in Zimbra Collaboration Suite actively exploited | Threat actors are exploiting an unpatched severe remote code execution vulnerability in the Zimbra collaboration platform. Researchers from Rapid7 are warning of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352, in the Zimbra Collaboration Suite. Rapid7 has published technical details, including a proof-of-concept (PoC) code and indicators of compromise (IoCs) regarding […] | Vulnerability | | |
| SecurityAffairs | 2022-10-07 22:03:12 | VMware fixed a high-severity bug in vCenter Server | VMware this week addressed a severe vulnerability in vCenter Server that could lead to arbitrary code execution. VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2), in vCenter Server. The security issue is an unsafe deserialization vulnerability that resides in the platform services controller (PSC). […] | Vulnerability, Guideline | | |
| SecurityAffairs | 2022-10-07 14:37:59 | Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy | Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices. “An authentication bypass using an alternate path or channel [CWE-88] in […] | Vulnerability | | |
| SecurityAffairs | 2022-10-04 20:19:23 | A flaw in the Packagist PHP repository could have allowed supply chain attacks | Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply chain attacks. SonarSource Researchers disclosed details about a now-fixed vulnerability (CVE-2022-24828) in PHP software package repository Packagist, that could have been exploited to carry out supply chain attacks. The issue was addressed within hours by […] | Vulnerability | | |
| SecurityAffairs | 2022-10-01 17:02:02 | (Déjà vu) CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog | CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant […] | Vulnerability | | |
| SecurityAffairs | 2022-09-30 15:44:10 | US DoD announced the results of the Hack US bug bounty challenge | The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July. On July 4, 2022, the US Department of Defense (DoD) and HackerOne started the Hack US, a one-week bug bounty challenge, which is considered part of DoD's vulnerability disclosure program (VDP). The challenge was launched Chief […] | Hack, Vulnerability | | |
| SecurityAffairs | 2022-09-23 21:43:32 | Sophos warns of a new actively exploited flaw in Firewall product | Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. The CVE-2022-3236 flaw resides in the User Portal and Webadmin of Sophos Firewall, […] | Vulnerability | | |
| SecurityAffairs | 2022-09-23 13:54:46 | Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw | Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide. In February, Adobe […] | Vulnerability | | |
| SecurityAffairs | 2022-09-22 21:10:33 | AttachMe: a critical flaw affects Oracle Cloud Infrastructure (OCI) | A critical vulnerability in Oracle Cloud Infrastructure (OCI) could be exploited to access the virtual disks of other Oracle customers. Wiz researchers discovered a critical flaw in Oracle Cloud Infrastructure (OCI) that could be exploited by users to access the virtual disks of other Oracle customers. An attacker can trigger the flaw to exfiltrate sensitive […] | Vulnerability | | |
| SecurityAffairs | 2022-09-22 13:27:22 | A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects | More than 350,000 open source projects can be potentially affected by a 15-Year-Old unpatched Python vulnerability More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. The issue is a Directory traversal vulnerability that resides in the ‘extract’ […] | Vulnerability | | |
| SecurityAffairs | 2022-09-16 07:22:27 | Uber hacked, internal systems and confidential documents were allegedly compromised | Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. According to the New York Times, the threat actors hacked an employee’s Slack account and […] | Vulnerability, Threat, Uber | Uber | |
| SecurityAffairs | 2022-09-14 05:21:01 | Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin | Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites. The WPGateway plugin is a premium plugin that allows users of […] | Vulnerability, Threat | | |
| SecurityAffairs | 2022-09-12 20:21:09 | Apple fixed the eighth actively exploited zero-day this year | Apple has addressed the eighth zero-day vulnerability that is actively exploited in attacks against iPhones and Macs since January. Apple has released security updates to fix a zero-day vulnerability, tracked as CVE-2022-32917, which is actively exploited in attacks against iPhone and Mac devices. This is the eighth zero-day vulnerability fixed by the IT giant since […] | Vulnerability | | |
| SecurityAffairs | 2022-09-09 11:50:31 | Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin | Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and […] | Vulnerability, Threat | | |
| SecurityAffairs | 2022-09-08 11:24:22 | Cisco will not fix the authentication bypass flaw in EoL routers | Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 […] | Vulnerability | | |
| SecurityAffairs | 2022-09-07 08:53:00 | Zyxel addressed a critical RCE flaw in its NAS devices | Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit […] | Vulnerability | | |
| SecurityAffairs | 2022-09-05 20:43:48 | QNAP warns new Deadbolt ransomware attacks exploiting zero-day | QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday meantime the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […] | Ransomware, Vulnerability, Threat | | |
| SecurityAffairs | 2022-09-03 15:37:55 | Google rolled out emergency fixes to address actively exploited Chrome zero-day | Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild. Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild. The CVE-2022-3075 flaw is caused by insufficient data […] | Vulnerability | | |
| SecurityAffairs | 2022-09-02 10:48:48 | Google Chrome issue allows overwriting the clipboard content | A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content. A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically overwrite the clipboard content without any user interaction and consent simply visiting them. According to a blog post […] | Vulnerability | | |
| SecurityAffairs | 2022-08-31 22:31:33 | A flaw in TikTok Android app could have allowed the hijacking of users' accounts | Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users' accounts with a single click. The experts state that the vulnerability would have required the chaining with other […] | Vulnerability, Guideline | | |
Last update at: 2024-04-28 15:08:05