Google Quick Share Bug Bypasses Allow Zero-Click File Transfer

Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced "QuickShell" silent RCE attack chain against Windows users.

Apr. 4, 2025 Signup

Daily Edition

Today’s news and insights for cybersecurity professionals

- Today's News and Features -

TOP STORY

Google Quick Share Bug Bypasses Allow Zero-Click File Transfer‎‎ Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced "QuickShell" silent RCE attack chain against Windows users.‎‎ Keep Reading →

China-Linked Threat Group Exploits Ivanti Bug‎‎ The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.‎‎

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation‎‎ CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.‎‎

Counterfeit Phones Carrying Hidden Revamped Triada Malware‎‎ The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.‎‎

THE EDGE

Emerging Risks Require IT/OT Collaboration to Secure Physical Systems‎ With an increase in cyber-physical attacks that can cause significant disruptions, financial fallout and safety concerns for victim organizations, IT and OT security teams cannot keep working in silos.‎

DR TECHNOLOGY

Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups‎ Co-founders Michael Sutton and David Endler raised $32 million to invest in early stage cybersecurity startups as well as to provide mentoring support.‎

SPONSORED ARTICLE

Why Prevention Is the Silent P in ITDR‎‎ Don't ignore the "silent P" in ITDR: Prevention must be part of any ITDR strategy.‎‎

Read More →

- Commentary -

Opinions from thought leaders around the cybersecurity industry

Social Engineering Just Got Smarter‎‎ Polices that forbid employees from divulging company details are worthless if the same information can be obtained from sources employees have no control over.‎‎

How an Interdiction Mindset Can Help Win War on Cyberattacks‎‎ The US military and law enforcement learned to outthink insurgents. It's time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework.‎‎

More Commentary →

- Upcoming Events -

Apr 4, 2025 Unifying Cloud Security: A Blueprint for Modern Threat Resilience

Apr 8, 2025 DPRK's Hidden Insider Workforce: Their Evolving Tactics + Your Strategy to Detect and Defend

Aug 2, 2025 [Conference] Black Hat USA - August 2-7 - Learn More

More Events →

- More Resources -

WHITE PAPER Solution Brief: Introducing the runZero Platform

WHITE PAPER The Definitive Guide to Container Security

WHITE PAPER Delivering Globally Consistent App Performance to the Hybrid Workforce

REPORT How Enterprises Assess Their Cyber-Risk

More Resources →

- Elsewhere in Cyber Today -

TECHTARGET SEARCH SECURITY

4 Ransomware Detection Techniques to Catch an Attack

MALWAREBYTES

QR Codes Sent in Attachments Are the New Favorite for Phishers

LEVELBLUE

CISO: Chief Cybersecurity Warrior Leader

TRUSTWAVE

Strengthening Healthcare Security: Navigating HIPAA’s Latest Cybersecurity Requirements

- Do You Find Today’s Newsletter Helpful? -

Yes Not sure No

You received this message because you are subscribed to Dark Reading's Daily newsletter. If a friend forwarded you this message, sign up here to get it in your inbox. Thoughts about this newsletter? Give us feedback.

Advertise With Us | Privacy Policy | Unsubscribe Copyright © 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US