
IT Security Newsletter - 3/4/2025


Software Updates

Google Patches Pair of Exploited Vulnerabilities in Android

Google on Monday announced fixes for more than 40 vulnerabilities in Android, warning that two of the issues are actively exploited in the wild. The exploited flaws include CVE-2024-43093, a bypass of a file path filter in the Framework component that could lead to privilege escalation, and CVE-2024-50302, a zero-initialize issue with the report buffer in the Linux kernel that could lead to memory leaks. READ MORE...


Vulnerabilities Patched in Qualcomm, Mediatek Chipsets

Chip makers Qualcomm and Mediatek on Monday announced patches for many vulnerabilities, including five issues that were resolved with the latest Android fixes. Qualcomm's March 2025 security bulletin details 14 security defects impacting proprietary software used in tens of chipset models, including seven issues rated 'critical severity'. All critical flaws are described as memory corruption issues. READ MORE...


Broadcom fixes three VMware zero-days exploited in attacks

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape the virtual machine's sandbox. READ MORE...

Malware

Microsoft-signed driver used in ransomware attacks

A zero-day vulnerability in a Microsoft-signed driver from Paragon Software is being exploited in ransomware attacks. CERT Coordination Center on Friday warned in a security advisory that five vulnerabilities were discovered in Paragon Partition Manager's BioNTdrv.sys driver. Threat actors have already exploited one of the flaws in what are known as "bring your own vulnerable driver" (BYOVD) attacks, in which attackers use signed drivers to compromise systems and evade detection. READ MORE...

Information Security

CISA refutes claims it has been ordered to stop monitoring Russian cyber threats

It's been a confusing few days in the world of American cybersecurity. At the end of last week, it was reported that US Cyber Command had been ordered by Defense Secretary Pete Hegseth to pause its offensive operations against Russia. The news was swiftly followed by reports that staff at the US Cybersecurity and Infrastructure Security Agency (CISA) had been given similar instructions to turn a blind eye to hacks directed against the United States that might be linked to Russia. READ MORE...


How Google tracks Android device users before they've even opened an app

Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app. Doug Leith, professor and chair of computer systems at Trinity College Dublin, who carried out the research, claims in his write-up that no consent is sought for the various identifiers and there is no way of opting out from having them run. READ MORE...

Exploits/Vulnerabilities

CISA tags Windows, Cisco vulnerabilities as actively exploited

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it. The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. READ MORE...


Android security update contains 2 actively exploited vulnerabilities

Google addressed 43 vulnerabilities affecting Android devices in its March security update, including a pair of software defects reportedly under active exploitation. Google said the two vulnerabilities - CVE-2024-43093 and CVE-2024-50302 - "may be under limited, targeted exploitation." The most severe of the flaws under active exploitation, CVE-2024-43093, carries a CVSS score of 7.8 and was added to CISA's known exploited vulnerabilities catalog in November. READ MORE...

On This Date

  • ...in 1745, Revolutionary War general Casimir Pulaski, recognized as "the father of the American cavalry", is born in Warsaw, Poland.
  • ...in 1789, the first Congress of the United States meets, putting the US Constitution into effect for the first time.
  • ...in 1922, F.W. Murnau's silent horror film "Nosferatu" (an early unauthorized adaptation of Bram Stoker's "Dracula") premieres in Berlin.
  • ...in 1977, the first ever CRAY 1 supercomputer is shipped to Los Alamos Laboratories in New Mexico.