Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution

May 8, 2024, 4 p.m. | Jonathan Munshaw

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com

Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10.

arbitrary code arbitrary code execution code code execution cvss cvss score daemon earning file http library proxy score talos vulnerabilities vulnerability roundup zero-day zero-day vulnerabilities

Visit resource

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

The sliding doors of misinformation that come with AI-generated search results 3 days, 3 hours ago | blog.talosintelligence.com

change generated integration internet +5

DarkGate switches up its tactics with new payload, email templates 4 days, 9 hours ago | blog.talosintelligence.com

attachment campaigns cisco cisco talos +19

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks 1 week, 2 days ago | blog.talosintelligence.com

attacks banking banking trojan banking trojans +19

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks 1 week, 3 days ago | blog.talosintelligence.com

attackers attacks drivers equally +17

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader 1 week, 3 days ago | blog.talosintelligence.com

apt apt groups bear campaign +7

New Generative AI category added to Talos reputation services 1 week, 4 days ago | blog.talosintelligence.com

announcements artificial artificial intelligence audio +11

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level … 1 week, 4 days ago | blog.talosintelligence.com

acrobat adobe adobe acrobat application +14

Apple and Google are taking steps to curb the abuse of location-tracking devices — but … 2 weeks, 3 days ago | blog.talosintelligence.com

abuse adversaries airtag apple +16

From trust to trickery: Brand impersonation over the email attack vector 2 weeks, 4 days ago | blog.talosintelligence.com

adversaries attack attack vector brand +10

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com

all InfoSec news

Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

Jobs in InfoSec / Cybersecurity

CyberSOC Technical Lead

Cyber Security Strategy Consultant

Cyber Security Senior Consultant

Senior Security Researcher - Linux MacOS EDR (Cortex)

Sr. Manager, NetSec GTM Programs

SOC Analyst I