8 matches found
CVE-2026-41431
Zen Browser ships a MAR updater (org.mozilla.updater) with signature verification removed, leaving MAR files unsigned and the updater without verification code. Prior to version 1.19.9b, this enables arbitrary unsigned updates if the update server or GitHub release pipeline is compromised. The is...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...
PT-2022-25421
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...
Google Pulls Adware Extensions from Chrome Store
Two Chrome extensions went from legitimate browsing ad-ons to adware-spewing nuisances in the blink of a legitimate transaction. Google recently took action against the Add to Feedly and Tweet this Page extensions, removing both from the Chrome Store after they were sold to adware brokers and fou...
Firefox 12 Debuts With Silent Update Mechanism
Mozilla has released version 12 of Firefox and the big change in the popular browser is the inclusion of a new update mechanism that will allow users to enable automatic updates that won’t require user interaction. The mechanism is similar to what Google Chrome has and is part of a trend toward...
[MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matta Consulting - Matta Advisory https://www.trustmatta.com Restorepoint Remote root command execution vulnerability Advisory ID: MATTA-2011-003 CVE reference: CVE-2011-4201 - Code injection vulnerability CVE-2011-4202 - Privilege escalation through...
Restorepoint 3.2-Evaluation Remote Root Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matta Consulting - Matta Advisory https://www.trustmatta.com Restorepoint Remote root command execution vulnerability Advisory ID: MATTA-2011-003 CVE reference: CVE-2011-4201 - Code injection vulnerability CVE-2011-4202 - Privilege escalation through...
Adobe to Patch Flash Zero Day on Windows, Mac on Friday
Adobe is planning to patch the recently disclosed Flash Player vulnerability on Friday for users on Windows, Mac OS X and Linux. The vulnerability is being used in targeted attacks right now that use malicious Word documents. Adobe said on Wednesday night that it plans to push out the Flash Playe...