Home
» Risk & Exploitation
» Daily threat intelligence
» Jan 2, 2024
Jan 2, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Spreadsheet::ParseExcel added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2023-7024
Google Chromium WebRTC Heap Buffer Overflow
Actively exploited (CISA KEV)
Listed on CISA KEV
Google Chromium WebRTC Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2023-48418
Google Pixel Watch Firmware privilege escalation
CVSS 10
Potential privilege escalation to admin/root
New critical Google Pixel Watch Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-48419
Google Home Firmware privilege escalation
CVSS 10
Potential privilege escalation to admin/root
New critical Google Home Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Spreadsheet::ParseExcel Remote Code Execution
Google Chromium WebRTC Heap Buffer Overflow
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.
Memory corruption in HLOS while running playready use-case.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the tru...
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure...
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege
Google Nest WiFi Pro root code-execution & user-data compromise
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template a...
OTCLient is an alternative tibia client for otserv.
View critical disclosures
cvelogic
Threat Intelligence