bug

  • Blog

    ASUS Armoury Crate bug lets attackers get Windows admin privileges

    A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. The security issue is tracked as CVE-2025-3464 and received a severity score of 8.8 out of 10. It could be exploited to bypass authorization and affects the AsIO3.sys of the Armoury Crate system management software. Armoury Crate is the official system…

  • Blog

    Over 46,000 Grafana instances exposed to account takeover bug

    More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. The flaw is tracked as CVE-2025-4123 and impacts multiple versions of the open-source platform used for monitoring and visualizing infrastructure and application metrics. The vulnerability was discovered by bug bounty hunter Alvaro Balada and was addressed in…

  • Blog

    DanaBot malware operators exposed via C2 bug added in 2022

    A vulnerability in the DanaBot malware operation, introduced in a June 2022 update, led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. DanaBot is a malware-as-a-service (MaaS) platform active from 2018 through 2025, used for banking fraud, credential theft, remote access, and distributed denial of service (DDoS) attacks. Zscaler’s ThreatLabz researchers who discovered the vulnerability, dubbed…

  • Blog

    Google patched bug leaking phone numbers tied to accounts

    A vulnerability allowed researchers to brute-force any Google account’s recovery phone number simply by knowing their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. The attack method involves abusing a now-deprecated JavaScript-disabled version of the Google username recovery form, which lacked modern anti-abuse protections. The flaw was discovered by security…

  • Blog

    Google patches new Chrome zero-day bug exploited in attacks

    Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. “Google is aware that an exploit for CVE-2025-5419 exists in the wild,” the company warned in a security advisory published on Monday. This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by…

  • Blog

    O2 UK patches bug leaking mobile user location from call metadata

    A flaw in O2 UK’s implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. The problem was discovered by security researcher Daniel Williams, who says the flaw existed on O2 UK’s network since March 27, 2017, and was resolved yesterday. O2 UK is a British…

  • Blog

    CISA tags recently patched Chrome bug as actively exploited

    On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. Solidlab security researcher Vsevolod Kokorin discovered the flaw (CVE-2025-4664) and shared technical details online on May 5th. Google released security updates to patch it on Wednesday. As Kokorin explained, the vulnerability is due to insufficient policy enforcement in Google Chrome’s…

  • Blog

    Microsoft fixes Exchange Online bug flagging Gmail emails as spam

    Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. Tracked as EX1064599 in the Microsoft 365 admin center, the issue started impacting users on April 25 at 09:24 UTC, automatically moving emails erroneously tagged as malicious to the junk folder. “We’ve identified that our machine learning (ML)…

  • Blog

    Microsoft fixes machine learning bug flagging Adobe emails as spam

    Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. As the company revealed in an advisory on the Microsoft 365 admin center tagged as EX1061430, users had issues accessing alerts for Adobe URLs starting April 22 at 09:24 UTC while being warned that a…

  • Blog

    Google Still Hasn’t Fixed This Dark Mode Bug on Pixel

    Dark mode has saved many of us from eye pain when using our smartphones at night. The difference between a black display with white text and a blinding white screen with black text is immeasurable when your phone is the only light source in the room—especially when you’re opening your eyes for the first time in a while. While many…
