Exploits

All articles tagged with #exploits

Diablo 4 Patch 3.0.3 Ends Infinite Loot Goblins and Fixes Quest Blockers
technology · 2 days ago

Blizzard’s Diablo 4 patch 3.0.3 clamps down on several exploits (notably War Plans abuse that spawns infinite loot goblins and the Amalgam of Rage), fixes quest blockers and endgame issues, and makes quality-of-life adjustments (Obols drops on higher Torment, Artificer’s Obelisk spawning, and restoring the Ball Lightning Core tag). It also notes Season 14 should make War Plans more co‑op friendly. The update went live May 26, with a May 28 developer Q&A scheduled in the Diablo Discord.

Threat Actors Exploit Three Defender Zero-Days; Two Remain Unpatched
technology · 1 month ago

Huntress warns that three Microsoft Defender zero-days—BlueHammer, RedSun, and UnDefend—are being actively exploited to gain elevated access and disrupt definition updates. BlueHammer has a fix (CVE-2026-33825) included in Patch Tuesday, while RedSun and UnDefend remain unpatched. Exploitation has been observed since April 10–16, 2026 with hands-on-keyboard activity; affected networks have been isolated to prevent further post-exploitation.

Embark Studios cracks down on Arc Raiders exploiters after glitches
gaming · 3 months ago

Embark Studios has completed a review of Arc Raiders exploits, deploying patches and outlining penalties for offenders: warnings for low-severity cases, deletion of coins gained through glitches, and suspensions for severe violations. The studio continues to investigate how the exploits occurred and how to prevent them ahead of the Shrouded Sky content update, and urges players to report findings on the official Discord to help restore balance.

ARC Raiders: Investigation Findings Prompt Targeted Enforcement to Restore Balance
gaming · 3 months ago

ARC Raiders concluded its investigation into recent exploits, attributing them to a design flaw and outlining a measured enforcement plan based on severity, intent, and impact—including warnings, removal of coins tied to exploits, and suspensions in severe cases. The team has improved detection and safeguards, will continue monitoring, and asks players to report issues via Discord to help maintain fair play.

Apple and Google Release Urgent Security Patches for Zero-Day Vulnerabilities
cybersecurity · 5 months ago

This weekly cybersecurity recap highlights active exploits and critical vulnerabilities in popular software like Apple, WinRAR, and .NET, along with emerging threats such as OAuth scams, sophisticated phishing campaigns, and state-sponsored cyber espionage, emphasizing the urgent need for timely security updates and vigilance.

Elon Musk Claims Top Spot in Diablo 4, Sparking Skepticism
technology · 1 year ago

Elon Musk's recent claim of setting a world record in Diablo IV by clearing a challenging dungeon in under two minutes is under scrutiny. Fans suspect Musk exploited a known bug that drastically increased health points, allowing for excessive damage output. This aligns with Musk's history of exploiting loopholes and obfuscating details, raising doubts about the legitimacy of his gaming achievement.

"Urgent: Patch SolarWinds Serv-U Vulnerability Amid Active Exploits"
vulnerability-data-protection · 1 year ago

A high-severity directory traversal vulnerability in SolarWinds Serv-U file transfer software (CVE-2024-28995) is being actively exploited, allowing attackers to read sensitive files. The flaw affects all versions up to Serv-U 15.4.2 HF 1 and has been patched in version 15.4.2 HF 2. Users are urged to update immediately to mitigate potential threats, as public proof-of-concept exploits make it easy for attackers to leverage this vulnerability.

CISA Warns of Active Exploits in Apache Flink and NextGen Healthcare Flaws
cybersecurity · 2 years ago

A three-year-old improper access control bug in Apache Flink, CVE-2020-17519, is being actively exploited, prompting the US government to add it to the Known Exploited Vulnerabilities Catalog. Federal agencies must patch or stop using the software by June 13, and all users should ensure they are updated and check for potential compromises. The flaw allows attackers to read any file on the JobManager's local filesystem via the REST interface, and its exploitation underscores the critical need for timely software updates.

"Raspberry Robin Malware Expands Arsenal with Windows Exploits and Discord Spread"
cybersecurity · 2 years ago

The Raspberry Robin malware has evolved to include one-day exploits targeting vulnerabilities in Windows systems, indicating that the malware operator has access to exploit code or sources. The malware has also implemented new evasion techniques and distribution methods, including the use of Discord to drop malicious files onto targets. Check Point reports an increase in Raspberry Robin's operations, with large attack waves targeting systems worldwide. The malware now leverages exploits for CVE-2023-36802 and CVE-2023-29360 to elevate privileges on infected devices, and it has added new mechanisms to evade security tools and OS defenses. The malware's operators are likely connected to a developer that provides exploit code, and Check Point provides indicators of compromise for identifying Raspberry Robin.

"Urgent Patch Released for Critical Jenkins RCE Vulnerability"
cybersecurity · 2 years ago

Multiple proof-of-concept exploits have been released for a critical Jenkins vulnerability, allowing unauthenticated attackers to read arbitrary files and execute arbitrary CLI commands. SonarSource researchers discovered two flaws, one enabling data access and the other allowing arbitrary command execution. Jenkins has released fixes for the flaws, but researchers have already reproduced attack scenarios and created working PoC exploits, with reports of hackers actively exploiting the vulnerabilities in the wild.

"Massive Exploitation of Critical Atlassian Confluence RCE Vulnerability"
cybersecurity · 2 years ago

More than 600 IP addresses are launching thousands of exploit attempts against a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, which can allow unauthenticated remote code execution (RCE) attacks. Despite Atlassian urging customers to update immediately, over 11,000 instances remain exposed on the internet, with more than 39,000 RCE attempts seen since January 19. Organizations with vulnerable instances are advised to assume a breach, patch, and take precautions, as this follows a string of critical flaws that have plagued the company in recent months.