Computerworld

NSS Labs offers reward money for fresh exploits

NSS Labs is sweetening the pot for its ExploitHub marketplace by offering rewards to security gurus who can write working exploits for a dozen “high-value” vulnerabilities. The company, which has set ...
CSOonline

Rise of zero-day exploits reshape security recommendations

Research from Rapid7 shows a spike in zero-days contributing to quicker exploit timelines, leaving IT security teams under strain with a greater need for post-incident response. With zero-day attacks ...
Hosted on MSN

iPhone 17’s Memory Integrity Enforcement Raises the Cost of Crypto Attacks

Might one silicon-level change render top-of-the-line spyware so costly to construct? Apple is wagering that it might, with its iPhone 17. Apple’s new Memory Integrity Enforcement (MIE) system, which ...
Bleeping Computer

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems

A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. The ...

VMware ESXi zero-days likely exploited a year before disclosure

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted ...
The Hacker News

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain ...