Exploit for Integer Overflow or Wraparound in Qualcomm Sm7675P_Firmware

CVE-2026-21385 Scanner Languages / Idiomas: Englishen...

CVE-2026-20700

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this...

EUVD-2025-25409

Malicious code in bioql PyPI...

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack

Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks. The vulnerabilities are listed below - CVE-2025-38352 CVSS score: 7.4 - A...

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-53150 CVSS score: 7.8 - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure...

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...

Pixel Update Bulletin—April 2024Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2024-04-05 or later address all issues in this bulletin and all issues in the April 2024 Android Securi...

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are...

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU...

ZeroDay vulnerability fixed in Apple macOS

Apple has fixed a ZeroDay vulnerability in macOS. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code as a user. For successful exploitation, the malicious party must trick the victim into opening a rogue image. Apple reports having reports that the...

Vulnerabilities fixed in Rarlab WinRAR

Rarlab has fixed vulnerabilities in WinRAR. A malicious person could exploit the vulnerabilities to execute arbitrary execute arbitrary code with user privileges. The vulnerability with reference CVE-2023-40477 is located in the way How WinRAR handles Recovery Volumes. A malicious party can creat...

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, to gain access to system data, or to execute arbitrary code in the context of the browser of the victim. To do this, the malicious party must trick the victim into openin...

The art and science behind Microsoft threat hunting: Part 1

At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly or not so covertly penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities. Why do incident...

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 CVSS score 8.4, the flaw concerns an "improper input validation" issue in Qualcomm's Graphics compone...

PT-2020-5848 · Qualcomm +1 · Qualcomm Snapdragon Wearables +8

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior ...

DNS Poisoning Attacks Made Easy: Judas DNS

DNS Poisoning Attacks Made Easy A DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain. The magic comes with Judas’s rule configurations which allow you to...

JudasDNS - Nameserver DNS poisoning attacks made easy

A DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain. The magic comes with Judas's rule configurations which allow you to change DNS responses depending on...

Zero Day Fixed in Microsoft November 2013 Patch Tuesday

Microsoft today issued eight bulletins addressing 19 separate vulnerabilities in its Windows operating system, Internet Explorer Web browser, Office, and other products. Microsoft gave three of the bulletins its highest “critical” rating, while the remaining five received the second-most-severe...