Google has released a new security update for Chrome browser 78.0.3904.87 for Windows, Mac and Linux. There are reports of one of those vulnerabilities CVE-2019-13720 being exploited in the wild.
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 220.127.116.11, which allows the deletion of any server in the Setup page.
Microsoft issued the September 2019 Security Updates that include 79 unique vulnerability fixes, 17 of those rated critical. In addition, two of the patches address two 0-day Privileged Escalation vulnerabilities CVE-2019-1214 and CVE-2019-1215.
A group of hackers have been using compromised websites to launch watering hole attacks against iPhone users who visit the websites. The attacks also use five different exploit chains and exploit 0-day vulnerabilities that don't require any user interaction.
Mozilla has released a security update that fixes a critical vulnerability in Firefox 67.0.3 and Firefox ESR 60.7.1.
Security researchers at Google have disclosed zero-day vulnerabilities that impact Chrome and Windows 7 OS. Google has provided a patch for Chrome, but no update is yet available for Windows 7.
A security researcher going by the name of SandboxEscaper has published online a new proof-of-concept (POC) for a new zero-day vulnerability that impacts Windows systems.
Microsoft issued the November 2018 Security Updates that include 62 unique vulnerability fixes, 12 of them rated critical.
A security researcher released the details of a VirtualBox vulnerability that affects VirtualBox 5.2.20 and earlier versions.
A local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface of Windows task scheduler was discovered.