0day

More than 60 zero-day vulnerabilities (0day) that have been made public since 2016 are associated with commercial spyware vendors for government agencies, and vulnerabilities exist in products from a number of companies, including Apple, Adobe, Google, and others, where they have been used for attack purposes including targeting journalists and political dissidents. The report notes that a large number of vulnerabilities are actively exploited in 2023.

Recently, Google announced the HTTP/2 protocol vulnerability CVE-2023-44487.
Attackers can use this vulnerability to launch low-cost and very large-scale attacks (http2-rapid-reset-ddos-attack). Attackers used this method to launch attacks on Google Cloud Platform customers starting in August. In one attack, the attacker issued up to 398 million requests in 1 second, which is also the highest number of requests per second on record. an attack.

Description: cURL is a widely used multi-functional open source command line tool that uses URL syntax to transmit data and supports a variety of network protocols including SSL, TLS, HTTP, FTP, and SMTP. libcurl is…

A piece of spyware called Predator exploited Apple's new zero-day vulnerability to target a former Egyptian lawmaker. The discovery of this attack further emphasizes the importance of cybersecurity, especially for politicians and public figures.