0day
-
Google security report reveals more than 60 0day used for commercial spyware
More than 60 zero-day vulnerabilities (0day) that have been made public since 2016 are associated with commercial spyware vendors for government agencies, and vulnerabilities exist in products from a number of companies, including Apple, Adobe, Google, and others, where they have been used for attack purposes including targeting journalists and political dissidents. The report notes that a large number of vulnerabilities are actively exploited in 2023.
-
HTTP/2 zero-day vulnerability (CVE-2023-44487) triggered the largest denial of service attack in history
Recently, Google announced the HTTP/2 protocol vulnerability CVE-2023-44487.
Attackers can use this vulnerability to launch low-cost and very large-scale attacks (http2-rapid-reset-ddos-attack). Attackers used this method to launch attacks on Google Cloud Platform customers starting in August. In one attack, the attacker issued up to 398 million requests in 1 second, which is also the highest number of requests per second on record. an attack. -
[Early Warning] Serious security vulnerabilities exposed in curl and libcurl libraries
Description: cURL is a widely used multi-functional open source command line tool that uses URL syntax to transmit data and supports a variety of network protocols including SSL, TLS, HTTP, FTP, and SMTP. libcurl is…
-
Predator software exploits Apple zero-day vulnerability to attack Egyptian government
A piece of spyware called Predator exploited Apple's new zero-day vulnerability to target a former Egyptian lawmaker. The discovery of this attack further emphasizes the importance of cybersecurity, especially for politicians and public figures.