Google Launches Vanir: An Open-Source Tool for Validating Security Patches
Google has launched Vanir, an open-source tool to simplify and automate security patch validation. First previewed at the Android Bootcamp in April, Vanir helps Android developers and OEMs quickly adopt [...]
SonicWall Flaws Enable Remote Code Execution
SonicWall warns of critical flaws in SMA 100 series appliances, enabling remote code execution, authentication bypass, and system compromise. SonicWall advises users to update their SMA 200, 210, 400, 410, [...]
HCL DevOps Deploy & Launch Vulnerable to HTML Injection
A newly discovered vulnerability in HCL Software's DevOps Deploy and Launch platforms, CVE-2024-42195, allows attackers to insert arbitrary HTML tags into the web UI, which could expose sensitive information. CVE-2024-42195 [...]
ChatGPT Next Web Vulnerability Allows SSRF Exploits via Endpoint
Researchers reported CVE-2023-49785, a critical ChatGPT Next Web (NextChat) vulnerability, raising cybersecurity concerns over its SSRF exploitation potential. NextChat is a web interface for large language models (LLMs) like ChatGPT, [...]
ElizaRAT Uses Google, Telegram, & Slack for C2 Communications
APT36, a Pakistani cyber-espionage group, now uses ElizaRAT, a Windows RAT with advanced evasion and C2 features, to target Indian government, diplomats, and military. APT36 uses Windows, Linux, and Android [...]