• Skip to primary navigation
  • Skip to main content
GreyKeep Security logo

GreyKeep Security

Expert security for an evolving digital age

  • Services
  • Our Approach
  • Blog
  • About
  • Contact Us
  • Show Search
Hide Search

Google Issues Maximum-Severity libwebp Vulnerability

greykeep · September 26, 2023 ·

Neon Google logo on industrial wall
Photo by Mitchell Luo

Google has submitted a new CVE for a vulnerability identified in libwebp, an open-source library for handling images in WebP format. WebP allows for smaller image sizes, reducing download times and improving website performance, and is supported by popular web browsers.

Google initially reported the issue as a flaw in Google Chrome (CVE-2023-4863) with a severity rating of 8.8 (High), but the company subsequently issued the WebP vulnerability under CVE-2023-5129 assigning the maximum severity rating possible – 10/10 (Critical).

[Read more…] about Google Issues Maximum-Severity libwebp Vulnerability

Weekly Malware Roundup – September 25, 2023

greykeep · September 26, 2023 ·

GreyKeep Security Malware Roundup - September 5, 2023

This is the GreyKeep Security Malware Roundup for September 25, 2023. Here’s a summary of what’s in this week’s edition:

Targets

Android
WinRAR
GitHub
GitLab
Azure
Redis
Free Download Manager

Organizations

Azerbaijan
City of Dallas
Middle East telecom
U.S. banks
Latin American banks
Ukrainian Military
Israeli organizations
Political activists/journalists
(Middle East)

Threat Actors

Earth Lusca (China)
Transparent Tribe (Pakistan)
OilRig (Iran)
Stealth Falcon
[Read more…] about Weekly Malware Roundup – September 25, 2023

Cybersecurity Daily: September 20, 2023

greykeep · September 20, 2023 ·

GreyKeep Security Cybersecurity Daily News

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for September 20, 2023.

Advisories

  • Microsoft reveals memory corruption bugs in ‘ncurses’ library
  • Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
  • Payment Card-Skimming Campaign Now Targeting Websites in North America
  • New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
  • APT36 state hackers infect Android devices using YouTube app clones
  • Trend Micro addresses actively exploited zero-day in Apex One and other security Products
  • GitLab Patches Critical Pipeline Execution Vulnerability
  • Qatar Cyber Chiefs Warn on Mozilla RCE Bugs
  • Hackers backdoor telecom providers with new HTTPSnoop malware
  • Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
  • Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code
  • Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
  • Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
[Read more…] about Cybersecurity Daily: September 20, 2023

Weekly Malware Roundup – September 18, 2023

greykeep · September 18, 2023 ·

GreyKeep Security Malware Roundup - September 5, 2023

This is the GreyKeep Security Malware Roundup for September 18, 2023. Here’s a summary of what’s in this week’s edition:

Targets

Amazon Web Services
(Amplify, Fargate, SageMaker)
Microsoft Windows
Apple MacOS
Facebook Messenger
Google Chrome
Adobe Acrobat
GitHub
Free Download Manager
Webdav

Organizations

MGM Resorts International
Defense
Satellite
Pharmaceutical
Asian power grid
Android banking apps

Threat Actors

Earth Lusca (China)
ALPHV
Cuba (ransomeware group)
Peach Sandstorm (Iran)
Winnti Group/Redfly (China)
Lazarus (N. Korea)
[Read more…] about Weekly Malware Roundup – September 18, 2023

Cybersecurity Daily: September 14, 2023

greykeep · September 14, 2023 ·

GreyKeep Security Cybersecurity Daily News

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for September 14, 2023.

Advisories

  • Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild – Update Now
  • Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows
  • Microsoft Patches a Pair of Actively Exploited Zero-Days
  • Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit
  • Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery
  • Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
  • New Kubernetes vulnerability allows privilege escalation in Windows
  • Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code
  • Adobe fixed actively exploited zero-day in Acrobat and Reader
  • N-Able’s Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation
  • SolarWinds Platform Vulnerability Let Attackers Execute Arbitrary Commands
  • A new Repojacking attack exposed over 4,000 GitHub repositories to hack
  • Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
  • Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
[Read more…] about Cybersecurity Daily: September 14, 2023
  • « Go to Previous Page
  • Page 1
  • Page 2
  • Page 3
  • Page 4
  • Page 5
  • Interim pages omitted …
  • Page 9
  • Go to Next Page »

How can we help you become more secure? Contact Us

GreyKeep Security

© 2025 GreyKeep Security LLC · All Rights Reserved

  • Services
  • Our Approach
  • GreyKeep Security Blog
  • About Us
  • Contact Us