Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices.
An attacker could pose as a company employee, invite customers or partners to meetings, then use socially engineered conversation to extract sensitive information.
Researchers said that the issue is only exploitable on Windows 7 and earlier.
The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.
The zero-day vulnerability tracked as CVE-2020-9859 is exploited by the “Uncover” jailbreak tool released last week.
A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing campaign against XG firewalls, using the Asnarok trojan.
Alleged Windows flaw allows for remote code execution and is being flogged for $500,000.
Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution.
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.
A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter.