Type Confusion - Geek Feed

Critical SolarWinds Serv-U flaws offer root access to servers

February 28, 2026February 28, 2026 geekfeed0Tagged IDOR, root, Serv-U, SolarWinds, Type Confusion, vulnerability

SolarWinds has released security updates to patch four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. Serv-U is the company’s self-hosted Windows and Linux file transfer software that comes with both Managed File Transfer (MFT) and FTP server capabilities, enabling organizations to securely exchange files via FTP, FTPS, […]

2 mins read

Grafana releases critical security update for Image Renderer plugin

July 7, 2025July 7, 2025 geekfeed0Tagged Chromium, CVE-2025-5959, CVE-2025-6191, CVE-2025-6192, CVE-2025-6554, Grafana, Grafana Labs, Security Update, Type Confusion, Use After Free, vulnerability

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. Although the issues impact Chromium and were fixed by the open-source project two weeks ago, Grafana received a bug bounty submission from security researcher Alex Chapman proving their exploitability in the Grafana components. Grafana […]

3 mins read

Google fixes fourth actively exploited Chrome zero-day of 2025

July 4, 2025July 4, 2025 geekfeed0Tagged Actively Exploited, CVE-2025-2783, CVE-2025-4664, CVE-2025-6554, google, google chrome, Type Confusion, Zero-Day

Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the browser vendor said in a security advisory issued on Monday. “This issue was mitigated on 2025-06-26 by a […]

3 mins read

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

October 24, 2024October 24, 2024 geekfeed0Tagged 0day, CryptoCurrency, gaming, google chrome, hackers, Lazarus, Lazarus Group, NFT, Type Confusion, Zero-Day

The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google. Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61. Lazarus tank games […]

3 mins read

Google tags a tenth Chrome zero-day as exploited this year

August 27, 2024August 27, 2024 geekfeed0Tagged Actively Exploited, CVE-2024-0519, CVE-2024-2886, CVE-2024-2887, CVE-2024-3159, CVE-2024-4671, CVE-2024-4761, CVE-2024-4947, CVE-2024-5274, google chrome, Type Confusion, Zero-Day

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is caused by a bug in the compiler backend when selecting the instructions to generate for just-in-time (JIT) compilation. Google […]

3 mins read

Google fixes ninth Chrome zero-day exploited in attacks this year

August 22, 2024August 22, 2024 geekfeed0Tagged Actively Exploited, CVE-2024-0519, CVE-2024-2886, CVE-2024-2887, CVE-2024-3159, CVE-2024-4671, CVE-2024-4761, CVE-2024-4947, CVE-2024-5274, google chrome, Type Confusion, Zero-Day

Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine. Security researchers with […]

3 mins read