Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since

Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia

Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu (aka "Virus"), the individual in question, was detained at the El Dorado airport in Bogotá, the Office of the Attorney General of Colombia said. <!--adsense--> Paunescu was previously

Authorities Seize DoubleVPN Service Used by Cybercriminals

A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the now-defunct site. "Law enforcement gained access to the servers of DoubleVPN and seized personal

[Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web

Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry,

Common Facebook scams and how to avoid them

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed.

The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity

Data for 700 million LinkedIn users up for grabs on hacker forum

Information scraped from LinkedIn user profiles includes full names, gender, email addresses and phone numbers

The post Data for 700 million LinkedIn users up for grabs on hacker forum appeared first on WeLiveSecurity

Universal XSS Vulnerability In Microsoft Edge

A serious universal cross-site scripting (XSS) vulnerability existed in the Microsoft Edge browser. Microsoft Edge…

Universal XSS Vulnerability In Microsoft Edge on Latest Hacking News.

What is HDFS? Its architecture and its features

Are you a Data Practitioner working in the Big Data space? Do you want to…

What is HDFS? Its architecture and its features on Latest Hacking News.

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading

GitHub Launches 'Copilot' — AI-Powered Code Completion Tool

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on

Why Cloud-Based Phone Systems Are the Best Choice for Small Businesses

With the promise of seamless implementation, ease of remote access, cost-saving, and increased productivity, everything…

Why Cloud-Based Phone Systems Are the Best Choice for Small Businesses on Latest Hacking News.

A Legit Free Decryptor For Lorenz Ransomware

Researchers have come up with a fix for how to decrypt lorenz ransomware for free.…

A Legit Free Decryptor For Lorenz Ransomware on Latest Hacking News.

How to Recover Lost Files after Virus Attack

For computer users, the worst thing that can ever happen to them is a virus…

How to Recover Lost Files after Virus Attack on Latest Hacking News.

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an analysis published Friday. "By mounting this exploit, the attacker can grant access to themselves

In Memoriam: John McAfee

What was it like to work for, and be friends with, the larger-than-life technology entrepreneur back when he helped shape the computer security industry?

The post In Memoriam: John McAfee appeared first on WeLiveSecurity

New API Lets App Developers Authenticate Users via SIM Cards

Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and

Tips to Improve Cybersecurity Amidst Cyber Physical Attack

A cyber-physical attack is an example of a security breach in cyberspace that impacts the…

Tips to Improve Cybersecurity Amidst Cyber Physical Attack on Latest Hacking News.

Vulnerabilities In Dell SupportAssist Could Allow Flashing BIOS

Security vulnerabilities in the Dell SupportAssist program potentially risked millions of devices globally. Exploiting the…

Vulnerabilities In Dell SupportAssist Could Allow Flashing BIOS on Latest Hacking News.

Grupo Fleury Medical Facility, French Connect Fashion Brand Suffered Ransomware Attack

The largest medical diagnostic facility in Brazil, Grupo Fleury, has allegedly suffered a ransomware attack.…

Grupo Fleury Medical Facility, French Connect Fashion Brand Suffered Ransomware Attack on Latest Hacking News.

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when automatically

Surfshark Review: A Robust Online Privacy Solution

While having a VPN today is a must-have for all internet users, getting one without…

Surfshark Review: A Robust Online Privacy Solution on Latest Hacking News.

NordVPN Review – A Trusted Provider Offering The Best Speeds

Given the rising instances of cyber-attacks, increasing cyber-surveillance, and aggressive online tracking for data mining,…

NordVPN Review – A Trusted Provider Offering The Best Speeds on Latest Hacking News.

Poltergeist Attack Targets Self-Driving Cars, Blinding Them Via Audio Signals

Researchers have found another way to disrupt  autonomous vehicles. This time, the strategy is to…

Poltergeist Attack Targets Self-Driving Cars, Blinding Them Via Audio Signals on Latest Hacking News.

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called "Netfilter," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "the actor's goal

DMARC: The First Line of Defense Against Ransomware

There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it's making headlines. With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action. The FBI IC3 report of 2020 classified Ransomware as the most financially damaging cybercrime of the year, with no major

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. "This recent activity was mostly unsuccessful, and

No more hide and seek with the Magento 2 Elasticsearch module

What do you think the most important elements of an internet store are? This is,…

No more hide and seek with the Magento 2 Elasticsearch module on Latest Hacking News.

How to Do a Successful Reverse Phone Lookup?

Reverse phone lookup is a standard clause that allows anyone to look up their name,…

How to Do a Successful Reverse Phone Lookup? on Latest Hacking News.

The Common Reasons Behind Hacking-What Motivates them to do it?

It is expected that around 75 billion devices will be connected to the internet by…

The Common Reasons Behind Hacking-What Motivates them to do it? on Latest Hacking News.

How to Protect Yourself Online when Browsing the Dark Web?

If you are a modern-day Internet user, you must be aware of the difference between…

How to Protect Yourself Online when Browsing the Dark Web? on Latest Hacking News.

Brave Browser Launches a Beta Version of Their New Search Engine

The developers behind the popular privacy-focused browser Brave have now launched Brave Search. This search…

Brave Browser Launches a Beta Version of Their New Search Engine on Latest Hacking News.

Week in security with Tony Anscombe

Telling state-backed hackers apart from cybercriminals – How to check if a website is safe – Gaming firms plagued by cyberattacks amid the pandemic

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Google Extends Support for Tracking Party Cookies Until 2023

Google's sweeping proposals to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years. "While there's considerable progress with this initiative, it's become clear that more time is needed across the ecosystem to get this right," Chrome's

Gaming industry under siege from cyberattacks during pandemic

Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020

The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

A Ukrainian national and a mid-​level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. Andrii Kolpakov, 33, was arrested in Spain on June 28, 2018, and subsequently extradited to the U.S. the following year on

Clop Gang Members Laundered $500 Million in Ransomware Payments

The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. "The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a

A Weird Bug That Breaks iPhone WiFi Functionality

A strange vulnerability has surfaced online that affects Apple iPhones. This weird bug can disable…

A Weird Bug That Breaks iPhone WiFi Functionality on Latest Hacking News.

Brave launches its own, privacy‑focused search engine

The Brave Search engine takes on Google, promising to let users surf the web without leaving a trace

The post Brave launches its own, privacy‑focused search engine appeared first on WeLiveSecurity

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information,

Multiple Critical Vulnerabilities Affected “My Lenovo” Digital Assets

Some critical security vulnerabilities existed in the “my Lenovo” digital assets. Exploiting these vulnerabilities could…

Multiple Critical Vulnerabilities Affected “My Lenovo” Digital Assets on Latest Hacking News.

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x,

Antivirus Pioneer John McAfee Found Dead in Spanish Jail

Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters reported. Security personnel at the Brians

Why People Use Traffic Monitoring Cameras And Why You Should Too

People drive on the road every day, but only a few realize exactly how road…

Why People Use Traffic Monitoring Cameras And Why You Should Too on Latest Hacking News.

What To Watch For When Choosing A VPN

A VPN is one way of protecting your privacy and data while on the internet…

What To Watch For When Choosing A VPN on Latest Hacking News.

Pakistan-linked hackers targeted Indian power company with ReverseRat

A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday

How to tell if a website is safe

It can be difficult to tell a legitimate website apart from an unsafe one – follow these steps to identify and protect yourself from bad websites

The post How to tell if a website is safe appeared first on WeLiveSecurity

[Whitepaper] Automate Your Security with Cynet to Protect from Ransomware

It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion. A new whitepaper from XDR provider Cynet demonstrates how

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches

Russia Banned VyprVPN, Opera VPN Labeling Them “Threats” To The Russian Laws

Russia has recently banned the popular VPN services VyprVPN and Opera VPN, classifying them as…

Russia Banned VyprVPN, Opera VPN Labeling Them “Threats” To The Russian Laws on Latest Hacking News.

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as CVE-2021-20019 (CVSS score

Unpatched Supply-Chain Flaw Affects 'Pling Store' Platforms for Linux Users

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for

Serious XSS Vulnerability In Wire App Could Allow Account Takeover

A serious security vulnerability could have affected Wire messenger users. Reportedly a cross-site scripting (XSS)…

Serious XSS Vulnerability In Wire App Could Allow Account Takeover on Latest Hacking News.

New MASQ Tool Spoofs Device Fingerprints Allowing Attackers To Bypass Security Checks

A new hacking tool may threaten security approaches as it lands on the dark web.…

New MASQ Tool Spoofs Device Fingerprints Allowing Attackers To Bypass Security Checks on Latest Hacking News.

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro said in

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. <!--adsense--> Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series,

Google Launched End-to-End Encryption To Android Messages App For All Users

Google has recently rolled out end-to-end encryption to all the users of the Android Messages…

Google Launched End-to-End Encryption To Android Messages App For All Users on Latest Hacking News.

5 Critical Steps to Recovering From a Ransomware Attack

Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Venture predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack affecting their

Tips to Strengthen Cybersecurity when Living in a Condo

As we advance into a world where technology is essential to our daily lives, we…

Tips to Strengthen Cybersecurity when Living in a Condo on Latest Hacking News.

State‑sponsored or financially motivated: Is there any difference anymore?

What does the increasingly fuzzy line between traditional cybercrime and attacks attributed to state-backed groups mean for the future of the threat landscape?

The post State‑sponsored or financially motivated: Is there any difference anymore? appeared first on WeLiveSecurity

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. "Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by

Peloton Bike+ Vulnerability Could Allow Full Device Control To An Attacker

Heads up, Peloton customers! A security vulnerability in the Peloton Bike+ could allow an attacker…

Peloton Bike+ Vulnerability Could Allow Full Device Control To An Attacker on Latest Hacking News.

An Instagram Vulnerability Could Allow Viewing Users’ Private, Archived Posts

A serious security vulnerability in the Instagram platform potentially exposed users’ private posts and stories…

An Instagram Vulnerability Could Allow Viewing Users’ Private, Archived Posts on Latest Hacking News.

Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature

A wireless network naming bug has been discovered in Apple's iOS operating system that effectively disables an iPhone's ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone's Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name "%p%s%s%s%s%n" even after rebooting the phone or changing

Week in security with Tony Anscombe

5 steps to take to minimize damage from a ransomware attack – The double-edged sword of OSINT – Watch out for vishing scams

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute

South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which — "27.102.114[.]89

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and

Apple Patched Two WebKit Zero-Day Bugs In Out-of-Band Updates

Apple has recently fixed two zero-day bugs affecting its WebKit component. Exploiting the vulnerabilities could…

Apple Patched Two WebKit Zero-Day Bugs In Out-of-Band Updates on Latest Hacking News.

5 essential things to do before ransomware strikes

By failing to prepare you are preparing to fail – here’s what you can do today to minimize the impact of a potential ransomware attack in the future

The post 5 essential things to do before ransomware strikes appeared first on WeLiveSecurity

FUJIFILM Ransomware Attack Update: Company Confirms Normal Service Restoration

Following a disruptive ransomware attack, FUJIFILM confirms service restoration for customers and business partners. The…

FUJIFILM Ransomware Attack Update: Company Confirms Normal Service Restoration on Latest Hacking News.

Google Releases New Framework to Prevent Software Supply Chain Attacks

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.  Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and

[eBook] 7 Signs You Might Need a New Detection and Response Tool

It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations

Update‌ ‌Your Chrome Browser to Patch Yet Another 0-Day Exploit‌ed ‌in‌-the‌-Wild

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser.