A critical vulnerability (CVE-2024-28989) in SolarWinds’ Web Help Desk software allowed attackers to decrypt sensitive credentials due to weaknesses in AES-GCM implementation, including static encryption keys and nonce reuse. Patched in version 12.8.5, the flaw enabled practical decryption even without direct access. Organizations are urged to upgrade, restrict backup access, and implement robust key management practices.
Chrome Security Update Patches Critical Remote Code Execution Vulnerability
Google has issued an urgent security update for the Chrome browser on Windows, Mac, and Linux, addressing a critical vulnerability that could allow attackers to
