🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working on patching a high-severity vulnerability that enables the installation of firmware-level malware, granting deep-level access to an infected device. The vulnerability exists in shim, a component that runs in the firmware during the early boot process. Successful exploitation allows attackers to execute malicious firmware before the operating system starts, neutralizing the secure boot mechanism. The flaw, named CVE-2023-40547, is a buffer overflow that can be exploited through compromised devices or servers. Physical access to a device or administrative control could also be used to exploit the vulnerability.

Related News

Federal agency warns critical Linux vulnerability being actively exploited

Arstechnica

Arstechnica · 1y ago

Federal agency warns critical Linux vulnerability being actively exploited

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security bug in Linux to its list of actively exploited vulnerabilities. The vulnerability, identified as CVE-2024-1086, allows attackers with existing access to affected systems to escalate their privileges. It is a result of a use-after-free error in the Linux kernel versions 5.14 through 6.6. The bug was patched in January, but some production systems have yet to install the update. CISA advises organizations to apply the patch promptly. There are currently no known details about the active exploitation of this vulnerability.

Google quietly corrects previously submitted disclosure for critical webp 0-day

Arstechnica

Arstechnica · 1y ago

Google quietly corrects previously submitted disclosure for critical webp 0-day

Google has resubmitted a disclosure of a critical code-execution vulnerability affecting not just the Chrome browser but also thousands of individual apps and software frameworks. The vulnerability is found in the libwebp code library, created by Google in 2010, which is used for rendering webp images. The vulnerability allows attackers to execute malicious code through a booby-trapped webp image. Google initially failed to note that other code using libwebp was also vulnerable, causing delays in patching the vulnerability. Microsoft Teams and Visual Studio Code remain unpatched.

Actively exploited Cisco 0-day with maximum 10 severity gives full network control

Arstechnica

Arstechnica · 1y ago

Actively exploited Cisco 0-day with maximum 10 severity gives full network control

Cisco has warned its customers about a critical zero-day vulnerability that is actively being exploited to gain full control over networks. The vulnerability, tracked as CVE-2023-20198, affects Cisco IOS XE software and allows attackers to create an account with admin privileges, enabling unauthorized activities. The exploit has been under exploitation for at least four weeks, affecting potentially 80,000 Internet-connected devices. Cisco advises affected entities to implement its recommended steps immediately to protect their devices. The vulnerability is easy to exploit and poses a significant risk to infected networks.

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux

Arstechnica

Arstechnica · 1y ago

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux

Researchers have discovered a critical vulnerability in the OpenSSH networking utility that could allow attackers to gain complete control over Linux and Unix servers without the need for authentication. The vulnerability, known as CVE-2024-6387, enables remote code execution with root system rights on Linux systems that use glibc. This vulnerability, resulting from a regression introduced in 2020, could lead to system compromise, malware installation, data manipulation, and the creation of backdoors. While the severity of the threat is significant, factors such as the attack's time-consuming nature and limitations on OS versions make mass exploitation unlikely. However, targeted attacks may still be possible.

Apple patches 0-day exploited in “extremely sophisticated attack”

Arstechnica

Arstechnica · 6m ago

Apple patches 0-day exploited in “extremely sophisticated attack”

Apple has patched a critical zero-day vulnerability affecting most supported iPhones and iPads, prompted by a sophisticated exploit targeting specific individuals on older iOS versions. This flaw, tracked as CVE-2025-24201, involves a Webkit bug allowing malicious web content to breach security. Affected devices include iPhone XS and later, various iPads, with users advised to upgrade to iOS and iPadOS 18.3.2 promptly, especially if they are potential targets of advanced cyber threats.

Google Chrome vulnerabilities expose millions — What should you do

Economic Times

Economic Times · 3m ago

Google Chrome vulnerabilities expose millions — What should you do

The Indian Computer Emergency Response Team (CERT-In) has warned about multiple vulnerabilities in Google Chrome, affecting Windows, MacOS, and Linux users. These vulnerabilities could allow remote attackers to execute code on users' systems. The specific vulnerabilities involve insufficient policy enforcement in Loader and incorrect handling in Mojo. The CVE-2025-4664 vulnerability is actively being exploited. Users are urged to update their Chrome versions to safeguard against these security issues.

Google Releases Chrome Update to Address Actively Exploited Vulnerability

Business Bytes

Business Bytes · 1y ago

Google Releases Chrome Update to Address Actively Exploited Vulnerability

Google Releases Chrome Update to Address Actively Exploited Vulnerability Google has issued a critical update for its Chrome web browser across all supported PC operating systems. This emergency update aims to address a security vulnerability that is currently being actively exploited. While specific details regarding the vulnerability are undisclosed at this point, what is known is that the issue extends beyond Chrome, affecting browsers and internet clients developed by other companies as well. In this article, we delve into the importance of this security patch and its implications for online security.

Apple patches 0-day exploited in “extremely sophisticated attack”

Arstechnica

Arstechnica · 6m ago

Apple patches 0-day exploited in “extremely sophisticated attack”

Apple has patched a critical zero-day vulnerability in Webkit affecting iPhones and iPads, potentially exploited in a sophisticated attack targeting specific individuals. This vulnerability allowed malicious web content to escape the security sandbox. It impacts several iPhone and iPad models, requiring users to update to iOS and iPadOS 18.3.2. While there’s no indication of widespread exploitation, targets of entities like law enforcement or nation-state spies should update immediately for security.

SAP warns of high-severity vulnerabilities in multiple products

Arstechnica

Arstechnica · 10h ago

SAP warns of high-severity vulnerabilities in multiple products

SAP has identified critical vulnerabilities in its NetWeaver platform and other products, urging immediate patches. The most severe, CVE-2025-42944, allows unauthorized command execution via open ports. Other high-severity flaws include a deserialization issue and vulnerabilities in various SAP products, with ratings up to 9.9. Previously, SecurityBridge reported an exploited vulnerability in SAP S/4HANA, highlighting potential risks like data theft and espionage. Users are advised to prioritize updates to safeguard their systems.

“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard

Arstechnica

Arstechnica · 1y ago

“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard

A critical vulnerability in Citrix hardware, known as Citrix Bleed, is being exploited by ransomware hackers despite a patch being available for three weeks. The vulnerability allows attackers to bypass multifactor authentication (MFA) and gain access to enterprise networks. Session tokens, including those used for MFA, can be disclosed through this vulnerability. Security researcher Kevin Beaumont has reported at least 20,000 instances of exploited Citrix devices. It is recommended that organizations patch their devices, rotate credentials, and check for signs of compromise.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

Aug 2025

Build. Comply. Fund. Fly.

Crypto to INR payments app for Indians

Your CV, Done Right.

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Download the medial app to read full posts, comements and news.