PT-2026-5123

Microsoft has issued an emergency patch for a zero-day vulnerability CVE-2021-21509 in Office, allowing attackers to bypass OLE mitigations and execute malware. CISA has included the flaw in their KEV catalog. Microsoft Office SecurityPatch ZeroDayVulnerability https://t.co/WMeToNOuIK...

A week in security (August 19 – August 25)

Last week on Malwarebytes Labs: Millennials’ sense of privacy uniquely tested in romantic relationships Hacked GPS tracker reveals location data of customers "We will hold them accountable": General Motors sued for selling customer driving data to third parties Why you need to know about ransomwa...

A week in security (January 22 – January 28)

Last week on Malwarebytes Labs: 10 things to do to improve your online privacy Ring curtails law enforcement’s access to footage Malicious ads for restricted messaging applications target Chinese users Malwarebytes wins every MRG Effitas award for 2 years in a row AI likely to boost ransomware,...

Patch now! Fortra GoAnywhere MFT vulnerability exploit available

On January 22, 2024, software company Fortra warned customers about a new authentication bypass vulnerability impacting GoAnywhere MFT Managed File Transfer that allows an attacker to create a new admin user. Fortra GoAnywhere MFT is a file transfer solution that organizations use to exchange the...

A week in security (December 12 - 18)

Last week on Malwarebytes Labs: Indiana sues TikTok, describes it as "Chinese Trojan Horse" Iranian hacking group uses compromised email accounts to distribute MSP remote access tool Electronic Sales Suppression Tools are cooking the books Silence is golden partner for Truebot and Cl0p ransomware...

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a...

A week in security (March 1 – 7)

Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech. We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was...

foramnagaidhlig.net Cross Site Scripting vulnerability OBB-1451929

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Google October Android Security Update Fixes Critical RCE Flaws

UPDATE Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code. The remote code execution RCE flaws are part of Google’s October 2019 Android Security Bulletin,...