Security News – Brandefense

React2Shell — The Day 5 Reality Check

BRANDEFENSE — Wed, 10 Dec 2025 14:38:36 +0000

React2Shell (CVE-2025-55182) is a pre-auth RCE vulnerability in React Server Components with a CVSS 10.0 score. This blog examines the first five days after disclosure, how attackers weaponized it, and the urgent actions organizations must take to reduce exposure.

The post React2Shell — The Day 5 Reality Check appeared first on Brandefense.

Data Breach at Internet Archive Exposes 31 Million User Records

Brandefense — Fri, 11 Oct 2024 08:31:31 +0000

A recent cyber attack has resulted in a significant data breach at the Internet Archive, impacting 31 million users. The breach was made public after a JavaScript alert appeared on the website, confirming the compromise of the site’s authentication database. The stolen database includes sensitive user information such as email addresses, bcrypt-hashed passwords, and other...

The post Data Breach at Internet Archive Exposes 31 Million User Records appeared first on Brandefense.

CISA Warns of Active Exploitation in SonicWall, Linux Kernel, and ImageMagick Vulnerabilities

Brandefense — Thu, 12 Sep 2024 07:30:16 +0000

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the active exploitation of three critical vulnerabilities, which have been added to its Known Exploited Vulnerabilities (KEV) catalog. This warning emphasizes the urgent need for Federal Civilian Executive Branch (FCEB) agencies to patch affected systems by September 30, 2024, to protect against...

The post CISA Warns of Active Exploitation in SonicWall, Linux Kernel, and ImageMagick Vulnerabilities appeared first on Brandefense.

CVE-2024-8105: Critical UEFI Vulnerability

Brandefense — Thu, 05 Sep 2024 07:01:14 +0000

CVE-2024-8105, also known as “PKfai,” is a significant vulnerability identified within the UEFI (Unified Extensible Firmware Interface) ecosystem. With a CVSS score of 8.2, this flaw weakens critical UEFI security mechanisms, making systems vulnerable to malicious attacks that can bypass fundamental protections like Secure Boot. Overview of UEFI and Its Role: UEFI is a vital...

The post CVE-2024-8105: Critical UEFI Vulnerability appeared first on Brandefense.

Actively Exploited Two New Zero-Day Vulnerabilities Hit Google Chrome

Brandefense — Wed, 28 Aug 2024 12:53:40 +0000

Google has recently confirmed that two zero-day vulnerabilities, CVE-2024-7965 and CVE-2024-7971, have been actively exploited in the wild, posing a significant threat to Chrome users. CVE-2024-7965, with a CVSS score of 8.8, affects the V8 JavaScript engine in Chrome. This flaw involves improper implementation within the engine, enabling remote attackers to exploit heap corruption through...

The post Actively Exploited Two New Zero-Day Vulnerabilities Hit Google Chrome appeared first on Brandefense.

CVE-2024-38193: Microsoft Patches Critical Zero-Day Exploit Used by North Korea’s Lazarus Group

Brandefense — Wed, 21 Aug 2024 14:59:42 +0000

A new vulnerability discovered in the Microsoft Windows operating system has been exploited as a zero-day attack by the Lazarus Group, a state-sponsored actor affiliated with North Korea. This vulnerability tracked as CVE-2024-38193, is identified as an elevation of a privilege bug in the Windows Ancillary Function Driver (AFD.sys) file for WinSock. The vulnerability was...

The post CVE-2024-38193: Microsoft Patches Critical Zero-Day Exploit Used by North Korea’s Lazarus Group appeared first on Brandefense.

August’24 Patch Tuesday: Six Actively Exploited Zero-Day Vulnerabilities

Brandefense — Wed, 14 Aug 2024 11:36:06 +0000

In its August 2024 Patch Tuesday release, Microsoft addressed 88 vulnerabilities, including seven critical flaws and ten zero-day vulnerabilities. Notably, six of these zero-day vulnerabilities are currently being actively exploited in the wild, underscoring the urgent need for organizations to implement patches without delay. Comprehensive Update Scope This extensive update affects a wide range of...

The post August’24 Patch Tuesday: Six Actively Exploited Zero-Day Vulnerabilities appeared first on Brandefense.

Critical Zero-Day Kernel Vulnerability Actively Exploited in Android Devices

Brandefense — Wed, 07 Aug 2024 11:46:41 +0000

Google’s recent Android security updates have revealed a critical zero-day vulnerability, CVE-2024-36971, which has been actively exploited in targeted attacks. This flaw, found in the network route management of the Linux kernel, is a use-after-free (UAF) vulnerability that can lead to memory corruption. If successfully exploited, this vulnerability could allow attackers to execute arbitrary code...

The post Critical Zero-Day Kernel Vulnerability Actively Exploited in Android Devices appeared first on Brandefense.

First Days, First Shots: Scammers Exploit Paris Olympics with 48GB Mobile Data

Brandefense — Mon, 29 Jul 2024 11:32:42 +0000

As the Paris Olympics are set to begin this weekend, threat actors are attempting to exploit the situation for their own gain. They have initiated fraudulent activities aimed at profiting from tickets and products related to the event. With approximately 15.3 million visitors expected in Paris, scammers are taking advantage of the excitement and enthusiasm...

The post First Days, First Shots: Scammers Exploit Paris Olympics with 48GB Mobile Data appeared first on Brandefense.

BlastRADIUS Vulnerability (CVE-2024-3596) Exposes RADIUS Protocol to Critical Network Security Risk

Brandefense — Wed, 10 Jul 2024 14:20:37 +0000

A newly identified vulnerability (CVE-2024-3596), dubbed “BlastRADIUS,” has been discovered in the RADIUS protocol, posing a critical risk to network security. Researchers from the University of California, San Diego, have published a practical exploit for this flaw, marking the first successful demonstration of an attack against the RADIUS protocol. The FreeRADIUS Server Project has promptly responded...

The post BlastRADIUS Vulnerability (CVE-2024-3596) Exposes RADIUS Protocol to Critical Network Security Risk appeared first on Brandefense.