On the Zero-Day Market
New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market“: Abstract: Spyware makes surveillance simple. The last ten...
Microsoft: Gift Card Fraud Rising, Costing Businesses up to $100,000 a Day
Microsoft has warned of surging gift card fraud and sophisticated approaches from the group Storm-0539 Read More
Fake Pegasus Spyware Strains Populate Clear and Dark Web
Actors in the clear and dark web are distributing fake source codes of the Pegasus spyware for financial gain Read More
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome that could allow for arbitrary code execution. Google Chrome is a web browser used to access the...
ZDI-24-504: Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has...
ZDI-24-505: Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The...
ZDI-24-506: Ivanti Endpoint Manager GetDBVulnerabilities SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The...
ZDI-24-507: Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The...
ZDI-24-508: Ivanti Endpoint Manager RecordBrokenApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The...
ZDI-24-509: Ivanti Endpoint Manager GetDBPatches SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The...