Home 2017-08-28T17:57:09+05:30

CVE-2024-30052: RCE vulnerability in Visual Studio via dump files

A researcher identified a method to exploit Visual Studio by executing arbitrary code during the debugging of managed dump files, without needing memory corruption or specific PDB file components. By [...]

WarmCookie malware spreads via fake update campaign in France

FakeUpdate, a fake browser update scam, is now targeting users in France, aiming to deploy the WarmCookie backdoor malware. FakeUpdate Spreads WarmCookie as Chrome, Edge Updates Researchers at Gen Threat [...]

Perfctl malware targets millions of Linux servers

Perfctl, a stealthy malware, is actively targeting millions of Linux servers worldwide. Discovered by Aqua Nautilus researchers, it exploits over 20,000 different server misconfigurations. This campaign has been ongoing for [...]

Arc Browser Launches Bug Bounty Program After RCE Vulnerability

The Browser Company has launched a Bug Bounty Program for its Arc Browser after quickly resolving a remote code execution (RCE) vulnerability, as announced by CEO Josh, highlighting their commitment [...]

PoC exploit out for Microsoft Office 0-day, CVE-2024-38200

A PoC exploit for the Microsoft Office vulnerability CVE-2024-38200 has been released, allowing attackers to capture NTLMv2 hashes. This flaw affects Office 2016, 2019, LTSC 2021, and Microsoft 365 Apps [...]

October 4th, 2024 | BOTNET, Compromised, Exploitation, Microsoft, vulnerability, Zero Day Attack

Chrome vulnerabilities enable attackers to run arbitrary code

Google released a Chrome update fixing critical vulnerabilities that could allow arbitrary code execution. Version 129.0.6668.89/.90 is now available for Windows, Mac, and Linux. All about the chrome vulnerabilities Three [...]

New XWorm variant spreads via Windows script files

XWorm is a malware known for its obfuscation techniques and ability to evade detection, posing a significant cybersecurity threat. NetSkope recently found a new variant delivered via a Windows script [...]

Hackers targeting Docker Swarm, Kubernetes, and SSH servers in large-scale attacks

Hackers are exploiting Docker Swarm, Kubernetes, and SSH servers, targeting Docker API vulnerabilities as the entry point in a widespread malware campaign, according to DataDog researchers. Large-Scale Server Exploits Threat [...]

Linux CUPS has multiple vulnerabilities that allow remote code execution

Developers of the Linux printing system CUPS recently disclosed several vulnerabilities that could allow attackers to execute arbitrary code. Although these flaws require specific conditions to be exploited, their high [...]

GorillaBot reigns as DDoS king with 300,000+ commands

The newly emerged Gorilla Botnet has launched over 300,000 DDoS attacks across 100+ countries from September 4 to 27. A modified version of Mirai, it supports multiple CPU architectures and [...]

North Korean Hackers Tried to Steal Military Data

Diehl Defence anti-aircraft missiles are successfully intercepting Russian attacks on Kyiv, with a 100% hit rate. Germany also plans to install these systems on three new government aircraft for missile [...]

HTML smuggling enables hackers to deliver convincing phishing attacks

Phishing attackers used an HTML smuggling technique to deliver malware. The attack began with a phishing email that looked like an American Express notification, leading to several redirects. The last [...]

NIST Recommends New Password Security Rules

NIST released new password security guidelines in Special Publication 800-63B, improving cybersecurity and user experience. One of the key changes in NIST’s guidelines is their view on password complexity. Instead [...]

September 27th, 2024 | Internet Security, Security Advisory, Security Update, Tips

Watch out for fake “verify you’re human” prompts that can deliver malware

CAPTCHAs, or Completely Automated Public Turing tests, are used online to verify users are human, not bots. They usually present challenges like distorted text, image recognition tasks, or audio prompts [...]

TeamViewer Privilege Escalation Vulnerability

A critical vulnerability in TeamViewer’s Windows Remote client, CVE-2024-7479 and CVE-2024-7481, allows attackers to elevate privileges on affected systems across various versions. TeamViewer Vulnerability Flaw The vulnerability in TeamViewer arises [...]

Google Warns of North Korean IT Workers Infiltrating U.S. Workforce

Recently, Google alerted organizations about North Korean IT workers acting on behalf of hackers. Organizations today face rising cybersecurity threats that can cause major financial and reputational harm. Cybersecurity entails [...]

September 26th, 2024 | google, Internet Security, Security Advisory, Security Update, Tips

0-day flaws in Automated Tank Gauge systems threaten critical infrastructure.

Researchers at BitSight TRACE found multiple 0-day vulnerabilities in ATG systems used to manage fuel storage tanks, posing risks to public safety and economic stability. These flaws could lead to [...]

Cisco Smart Licensing Vulnerability Allows Attackers to Control Devices

Cisco revealed a critical vulnerability, CVE-2024-20439, in its Smart Licensing Utility, allowing unauthorized access due to a hardcoded static password found by an independent researcher. CVE-2024-20439 This vulnerability mainly affects [...]

macOS Sequoia update disrupts multiple security tools

Apple’s macOS 15 Sequoia update has broken several key security tools, sparking user frustration across social media and Mac developer forums. macOS Sequoia Update The release of macOS Sequoia has [...]

September 24th, 2024 | Internet Security, MacOS, Security Advisory, Security Update

Fake CAPTCHA sites install Lumma Stealer malware

A new malware campaign is gaining traction online, using fake CAPTCHA sites to trick users into installing Lumma Stealer (also known as Lumma C2). Users are asked to press specific [...]

Disney to End Use of Slack After Hack Exposes Company Data

The Walt Disney Company will stop using Slack for internal communication following a hack that leaked over a terabyte of company data. In a memo to employees, Disney CFO Hugh [...]

September 23rd, 2024 | Compromised, Exploitation, Security Advisory, Security Update

MediaTek Wi-Fi Zero-Click RCE Vulnerability

A critical 0-click RCE vulnerability (CVE-2024-20017) in MediaTek Wi-Fi 6 chipsets, used by devices like Ubiquiti, Xiaomi, and Netgear, allows remote attacks without user interaction. CVE-2024-20017 The vulnerability is located [...]

September 23rd, 2024 | RCE Flaw, Security Advisory, Security Update, vulnerability, Zero Day Attack

Hacker stole data from Federal Bank customers

A threat actor has allegedly claimed a breach of Federal Bank, exposing sensitive data of hundreds of thousands of customers. ThreatMon first reported the breach on X, quickly drawing attention [...]

New macOS malware allows attackers to control devices remotely

HZ RAT, a remote access trojan (RAT) that has targeted Windows devices since 2020, has recently been upgraded to also attack Mac users. A RAT allows attackers to gain remote [...]

Threat actors claim to have compromised Dell’s employee database

A hacking group has claimed responsibility for breaching the Dell employee database, asserting access to sensitive information of around 10,800 employees and partners on a prominent hacking forum. The breach [...]

September 20th, 2024 | BOTNET, Compromised, Exploitation, Security Advisory, Security Update, Tips

CISA Issues Six Advisories for Industrial Control Systems

CISA has issued six advisories highlighting vulnerabilities in various industrial control systems. The advisories cover: Rockwell Automation’s RSLogix 5 and RSLogix 500 software, which are widely used for programming and [...]

September 20th, 2024 | Internet Security, Security Advisory, Security Update, Tips, vulnerability

Researchers Uncover Raptor Train Botnet with 60,000+ Devices

Researchers discovered a large Chinese state-sponsored IoT botnet, "Raptor Train," which compromised over 200,000 SOHO and IoT devices. Operated by Flax Typhoon, the botnet uses a sophisticated control system called [...]

Threat Actor Claims to Be Selling Bharat Petroleum Database

A threat actor is reportedly selling a database from Bharat Petroleum Corporation Limited (BPCL). DarkWebInformer first reported this on X, raising serious cybersecurity concerns for the corporation and its stakeholders. [...]

September 18th, 2024 | BOTNET, Compromised, Exploitation, Security Advisory, Security Update

Scams and Fake Websites during Amazon Prime Day

Amazon Prime Day scams refer to fraudulent schemes that exploit the retailer's sell-off day. While the event is a big opportunity for retailers, scammers also use it to target unsuspecting [...]

Apple releases iOS 18, fixing 32 security vulnerabilities

Apple has released iOS 18, fixing 32 security vulnerabilities. The update is available for iPhone XS and later, along with iPad Pro (13-inch, 12.9-inch 3rd gen and newer), iPad Pro [...]

September 18th, 2024 | Apple, Security Advisory, Security Update

North Korean hackers spread RustDoor Malware on LinkedIn

North Korean hackers are targeting LinkedIn users with advanced malware called RustDoor. This highlights the growing use of social engineering by state-sponsored groups, particularly from North Korea, on professional networking [...]

September 17th, 2024 | malicious cyber actors, Malware, Security Advisory, Security Update

Hackers leverage Selenium Grid for malicious activity

Threat actors are exploiting Selenium Grid's default lack of authentication in two active campaigns, deploying exploit kits, cryptominers, and proxyjackers. All about Selenium Grid Tool Selenium Grid's widespread adoption among [...]

Critical Vulnerabilities Impact Millions of D-Link Routers — Patch Now!

Millions of D-Link routers are vulnerable to critical security flaws. Urgent firmware updates have been released, and users are advised to patch their devices immediately to prevent exploitation. CVE-2024-45694-Stack-based Buffer [...]

Windows MSHTML zero-day actively exploited

Adobe's September 2024 updates fixed 28 vulnerabilities, including a critical ColdFusion flaw (CVSS 9.8). Other affected products include Photoshop, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder. These updates [...]

Apache Patches Critical OFBiz RCE Vulnerability

Hackers are exploiting a critical Apache OFBiz vulnerability (CVE-2024-45195) that allows unauthenticated remote code execution, threatening organizations using OFBiz. Apache OFBiz Flaw- CVE-2024-45195 The CVE-2024-45195 vulnerability results from missing view [...]

Kali Linux 2024.3 Launches with New Hacking Tools

Kali Linux 2024.3, the latest version of Offensive Security's Debian-based distribution for ethical hacking, has been released. This update introduces 11 new tools and includes key behind-the-scenes improvements. The Kali [...]

September 13th, 2024 | Security Advisory, Security Update, Tips

New Loki Backdoor Targets macOS Systems

In 2018, Cody Thomas created Apfell, an open-source macOS post-exploitation framework that later evolved into Mythic, a cross-platform framework addressing the limits of existing tools. Loki Backdoor Mythic offers a [...]

September 12th, 2024 | Backdoor, Internet Security, MacOS, Malware, Security Advisory, Security Update

New Android Spyware Posing as TV Streaming App Steals Data

Recent research has uncovered new Android Spyware targeting mnemonic keys, vital for cryptocurrency wallet recovery. Disguised as legitimate apps, the malware scans devices for images containing mnemonic phrases and steals [...]

September 12th, 2024 | Android malware, Malware, Security Advisory, Security Update, spyware

CosmicBeetle Targets SMBs Worldwide Using Old Vulnerabilities

Hackers target SMBs because they often have weaker security and lack cybersecurity awareness. Without regular security audits or incident response plans, SMBs become easy targets for attackers exploiting vulnerabilities. CosmicBeetle [...]

Zyxel NAS Devices Prone to Command Injection Attacks

Zyxel released critical hotfixes for a command injection vulnerability in two of its NAS products, NAS326 and NAS542. Although these devices are no longer supported for vulnerability fixes, they remain [...]

September 10th, 2024 | BOTNET, Internet Security, Security Advisory, Security Update, vulnerability

Hackers Exploit GeoServer RCE to Deploy Malware

Fortinet researchers found that hackers are exploiting the GeoServer RCE vulnerability, tracked as CVE-2024-36401, to deploy malware. CVE-2024-36401 is a critical flaw with a CVSS score of 9.8, caused by poor [...]

Vulnerabilities in IBM WebSphere Integration Server could let attackers execute commands.

Critical vulnerabilities have been found that could let attackers execute commands on systems. These issues, listed in the Common Vulnerabilities and Exposures (CVE) system, pose serious risks and need urgent [...]

September 9th, 2024 | Tips, vulnerability

Akira Ransomware Targets SonicWall Firewall RCE Flaw

SonicWall revealed a critical RCE vulnerability (CVE-2024-40766) in SonicOS on August 22, 2024. Initially, no exploitation was reported, but by September 6, active attacks were detected. This flaw allows attackers [...]

September 9th, 2024 | Ransomware, RCE Flaw, Security Advisory, Security Update, vulnerability

Predator Spyware leverages “one-click” and “zero-click” exploits

Recent research shows Predator spyware has resurfaced with improved evasion techniques, despite US sanctions. It's still active in countries like the DRC and Angola, targeting high-profile individuals with harder-to-track infrastructure, [...]

September 6th, 2024 | Exploitation, Malware, Security Advisory, Security Update, spyware, vulnerability

Lazarus Hackers Targeting Job Seekers with JavaScript Malware

Lazarus Group, a notorious North Korean-linked hacker group active since 2010, has intensified its attacks in 2024. Group-IB researchers found Lazarus abusing Contagious Interview campaigns using BeaverTail malware and the [...]

ToddyCat APT Exploits SMB and IKEEXT RCE to Deploy ICMP Backdoor

ToddyCat is an APT group active since December 2020, targeting government and military entities in Europe and Asia. Known for sophisticated cyber-espionage, Kaspersky Lab found ToddyCat exploiting SMB, IKEEXT, and [...]

New Emansrepo Malware Targets Windows via HTML Files

Emansrepo, a Python infostealer, is spread through phishing emails with fake purchase orders. The attack has evolved, now involving multiple stages. Stolen data is zipped and sent to the attacker, [...]

RCE Vulnerability in D-Link WAP Allows Remote Access by Attackers

The D-Link DAP-2310 Wireless Access Point is vulnerable to remote code execution, allowing attackers to gain unauthorized remote access. Discovered by Dark Wolf Solutions, this guide covers the details of [...]

September 3rd, 2024 | BOTNET, Exploitation, Security Advisory, Security Update, Tips, vulnerability

New ManticoraLoader Malware Targets Citrix Users for Data Theft

DeadXInject, the group behind AresLoader and AiDLocker ransomware, is now offering ManticoraLoader, a new Malware-as-a-Service (MaaS) targeting Windows systems. Available on underground forums and Telegram since August 8th, 2024, this [...]

Snake Keylogger Targets Windows via Malicious Excel Files

Researchers have identified a sophisticated phishing campaign using a .NET-based Snake Keylogger variant. This attack uses weaponized Excel files to compromise Windows systems, posing serious risks to data security. Snake [...]

Voldemort Hackers Exploit Google Sheets to Target Windows Users

Proofpoint researchers have uncovered a cyberattack campaign, "Voldemort," using Google Sheets as a C2 platform. Targeting Windows users, the campaign employs a unique attack chain with both common and rare [...]

Watch Out for Fake Palo Alto Tool Spreading Advanced Malware

A sophisticated malware is threatening organizations in the Middle East by disguising itself as the legitimate Palo Alto GlobalProtect tool. It uses a two-stage infection process and advanced command-and-control (C&C) [...]

Critical Vulnerability in Perl Installer Enables Traffic Interception

A critical vulnerability in App::cpanminus (cpanm), a popular tool for installing Perl modules, has been identified. Known as CVE-2024-45321, it allows attackers to intercept and manipulate traffic during module installation, [...]

Research Uncovers Eight Android and iOS Apps Leaking Users’ Sensitive Data

The eight Android and iOS apps fail to protect user data by transmitting sensitive information, such as device details, geolocation, and credentials, over HTTP instead of HTTPS. This exposes data [...]

EDR Killer Malware Disables Security Tools on Windows Machines

Attackers can exploit Windows drivers to bypass security by exploiting vulnerabilities or using stolen signatures to load malicious drivers into the kernel, disabling protections. While Microsoft enforces driver signature rules, [...]

Apache Vulnerability Exposed Unix Systems to Data Theft

A recently disclosed vulnerability in the Apache Portable Runtime (APR) library, identified as CVE-2023-49582, could expose sensitive application data on Unix platforms. Apache Vulnerability The flaw results from insufficient permissions [...]

Microsoft 365 Flags Image Emails as Malware

Microsoft 365 users report emails with images being wrongly flagged as malware and quarantined, identified as Issue ID: EX873252. This issue has raised significant concerns among businesses and individual users [...]

August 27th, 2024 | Internet Security, Malware, Microsoft, Security Advisory, Security Update

Ransomware Hits Patelco Credit Union, Steals Customer and Employee Data

Patelco Credit Union revealed a ransomware attack compromising member and employee data, raising concerns about security and privacy. All about the Ransomware Patelco Credit Union detected a ransomware attack on [...]

BeaverTail Malware Hits Windows Users via Games

Researchers discovered a new malware campaign called BeaverTail, targeting job seekers in a North Korean cyber espionage operation. BeaverTail Malware Initially identified as a JavaScript-based info stealer, BeaverTail has evolved [...]

Active Exploitation of Chrome Zero-Day Vulnerability

Google has released Chrome 128 (128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac) to address a critical zero-day vulnerability actively exploited in the wild. The update includes 38 security [...]

Caution: Malicious Slack Ads Deliver Harmful Payloads

Cybercriminals are using Google search ads to distribute malware disguised as legitimate ads for Slack. This advanced tactic shows how threat actors are getting better at avoiding security measures and [...]

Ngate malware steals card funds on Android devices

ESET researchers recently identified new Android malware called “Ngate” that allows hackers to withdraw money from victims’ payment cards. Ngate malware NGate Android malware, identified in November 2023, represents a [...]

Log4j Vulnerability Exploited Again to Deploy Crypto-Mining Malware

Recent Log4j attacks use obfuscated LDAP requests to execute malicious scripts, establish persistence, and exfiltrate data. Multiple backdoors and encrypted channels maintain control, emphasizing the ongoing threat of the Log4j [...]

Backdoor in MIFARE Smart Cards Reveals User-Defined Keys

Researchers uncover new attack vectors in MIFARE Classic cards by analyzing the CRYPTO-1 algorithm and vulnerabilities, demonstrating how to extract data, clone cards, and compromise both new and old card [...]

New UULoader Malware Spreads Gh0st RAT and Mimikatz

UULoader malware delivers payloads like Gh0st RAT and Mimikatz, targeting Korean and Chinese speakers through malicious installers. UULoader Malware Discovered by the Cyberint Research Team, the malware includes Chinese strings [...]

Dell SupportAssist Vulnerability Enables Privilege Escalation on PCs

A critical security vulnerability affects Dell SupportAssist for Home PCs, specifically in installer version 4.0.3. Dell SupportAssist Vulnerability CVE-2024-38305 lets local low-privileged attackers escalate their privileges and run arbitrary code [...]

Unauthenticated RCE in WordPress Plugin Exposes 100K Sites

A critical vulnerability (CVE-2024-5932) in the GiveWP plugin exposes over 100,000 WordPress sites to remote code execution (RCE) attacks, as disclosed by researcher villu164 through the Wordfence Bug Bounty Program. [...]

MegaMedusa: A Powerful Web DDoS Tool Used by Hackers

RipperSec, a pro-Palestinian Malaysian hacktivist group that started on Telegram in June 2023, has quickly grown to over 2,000 members. They carry out cyberattacks like data breaches, defacements, and DDoS [...]

Urgent: Windows TCP/IP Vulnerability Discovered, Update Now

A critical vulnerability in the Windows TCP/IP stack enables unauthenticated remote code execution (RCE) through specially crafted IPv6 packets. This flaw affects all supported versions of Windows and Windows Server, [...]

Vulnerability in Microsoft Apps Let Hackers Spy on Mac Users

A critical vulnerability in Microsoft apps for macOS allowed hackers to surreptitiously spy on Mac users' activities. Security researchers from Cisco Talos revealed how attackers could exploit this flaw to [...]

August 20th, 2024 | MacOS, Malware, Microsoft, Security Advisory, Security Update, vulnerability

New Styx Stealer Targets Users to Steal Login Passwords

A new threat called Styx Stealer has emerged, targeting users by stealing sensitive data like saved passwords, cookies, and autofill details from popular web browsers. Styx Stealer This malware targets [...]

Google Pixel Devices Shipped with Flawed App

Recent research revealed a vulnerability in the Android package of many Google Pixel smartphones. Devices shipped globally since September 2017 could be at risk of malware due to a pre-installed [...]

Lazarus Group Exploited Windows Zero-day

The notorious Lazarus hacker group exploited a zero-day vulnerability in Microsoft Windows, targeting the Ancillary Function Driver for WinSock (AFD.sys), identified as CVE-2024-38193. Discovered by researchers Luigino Camastra and Milanek [...]

New Exploit BYOVDLL Bypasses LSASS Protection

In July 2022, Microsoft patched a PPL bypass flaw, but a new exploit called "BYOVDLL" has been discovered, allowing attackers to bypass LSASS protection. All about BYOVDLL In October 2022, [...]

Malspam Targets AnyDesk and Microsoft Teams

Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting users via email and phone. Attackers are exploiting AnyDesk and Microsoft Teams to gain unauthorized access to victims' computers, highlighting evolving [...]

August 16th, 2024 | malicious cyber actors, Malware, Security Advisory, Security Update, Spam

Ransomware Group Introduces New EDR Killer Tool

A ransomware group, RansomHub, has introduced EDRKillShifter, a tool designed to disable EDR systems. This advancement highlights the group's evolving tactics to bypass security measures and execute attacks. Although a [...]

August 16th, 2024 | BOTNET, Compromised, Exploitation, malicious cyber actors, Malware, Ransomware

Critical IBM QRadar Flaws Enable Remote Arbitrary Code Execution

IBM recently revealed critical vulnerabilities in QRadar Suite Software and IBM Cloud Pak for Security. Exploitation of these flaws could let attackers execute arbitrary code remotely, posing serious security risks. [...]

0.0.0.0 Day – 18-Year-Old Flaw Bypasses Browser Security

Threat actors frequently exploit browser flaws to gain unauthorized access and conduct various illicit activities. Recently, Oligo Security discovered a critical 18-year-old vulnerability, dubbed "0.0.0.0 day," which bypasses all browser [...]

Update Now: Critical SAP Auth Bypass and SSRF Vulnerabilities Fixed

SAP has issued a major security update addressing critical authentication bypass and server-side request forgery vulnerabilities, with CVSS scores of 9.8 and 9.1. The company advises all users to install [...]

1Password macOS Vulnerability Leads to Credentials Leak

A critical vulnerability in 1Password for macOS allows attackers to bypass security measures and access vault items. This issue affects every version of the macOS app. A patch is now [...]

Apache OFBiz RCE Vulnerability Found, Patch Immediately

A vulnerability, CVE-2024-38856, has been found in Apache OFBiz, allowing unauthenticated remote code execution. A patch is available, and developers strongly recommend installing it immediately due to the high risk [...]

August 6th, 2024 | Security Advisory, Security Update, Tips, vulnerability

New Spyware Targeting Android Users

Cybersecurity experts have uncovered sophisticated Android spyware, LianSpy, targeting users to steal sensitive data. It uses advanced evasion techniques, posing a significant threat to Android users globally. All about LianSpy [...]

Russia-linked APT used a car ad to phish diplomats with Headlace malware.

A Russia-linked threat actor used a car ad to phish diplomats and deliver the HeadLace backdoor, likely starting in March 2024, according to Palo Alto Networks Unit 42. They attribute [...]

Critical Flaw in Voice Over Wi-Fi Allows Eavesdropping

Voice Over Wi-Fi (VoWiFi) is commonly used for making voice calls over Wi-Fi, improving call quality and reliability. Recently, cybersecurity researchers discovered a vulnerability in VoWiFi that allows attackers to [...]

Ubiquiti G4 Vulnerability Discovered, Enabling DDoS Attacks

Researchers found a flaw in Ubiquiti G4 Wi-Fi cameras that exposes critical data. They believe a similar vulnerability was used in 2019 for DoS attacks on many cameras. Despite Ubiquiti's [...]

Hackers Exploit WordPress Plugin File Upload Flaw

Hackers are exploiting a critical vulnerability (CVE-2024-6220) in the WordPress plugin 简数采集器 (Keydatas) that allows unauthenticated users to upload arbitrary files, risking remote code execution and full site takeover. On [...]

Microsoft Patches Critical Edge Flaw Enabling Code Execution

Microsoft has patched critical vulnerabilities in Edge. Users should update to the latest version to ensure security. Asec Ahnlab identified these flaws in Edge versions 127.0.6533.88 and 127.0.6533.89. All about [...]

Hackers Exploiting GeoServer RCE Flaw, 6,635 Servers at Risk

A critical flaw in GeoServer, an open-source Java software, exposes thousands of servers to risk. The vulnerability, CVE-2024-36401, allows unauthenticated remote code execution, threatening global geospatial data infrastructures. A recent [...]

Phishing Campaign Exploited Proofpoint for Email Spoofing

Guardio Labs recently identified "EchoSpoofing," a critical vulnerability in Proofpoint's email protection service used by 87% of Fortune 100 companies. This flaw allows hackers to exploit phishing emails, tricking recipients [...]

New Specula Tool Turns Outlook into a C2 Server via Registry Exploit

Cybersecurity firm TrustedSec has introduced a new tool named Specula, which leverages a longstanding vulnerability in Microsoft Outlook to turn it into a Command and Control (C2) server. This discovery [...]

Microsoft 365 and Azure Outage Disrupts Multiple Services

Microsoft is investigating a global outage affecting access to some Microsoft 365 and Azure services. Microsoft 365 and Azure Outage Currently, the incident affects users worldwide and only a subset [...]

July 31st, 2024 | Internet Security, Security Advisory, Security Update, Tips

Chinese Users Targeted by Gh0st RAT Malware Through Fake Chrome Page

Attackers are using Gh0stGambit to spread Gh0st RAT malware to Chinese users via a fake Google Chrome download page, mimicking the legitimate site. GH0ST RAT Trojan Targets Chinese Windows Users [...]

Progress Patches New Privilege Escalation Flaw in MOVEit File Transfer

Progress, the company behind MOVEit Transfer, has issued a critical security alert for a newly discovered vulnerability in its product. The flaw, CVE-2024-6576, is classified as high-severity with a CVSS [...]

Malicious Python Package Targets macOS Developers for Google Cloud Login Theft

Hackers exploit malicious Python packages to attack developer environments, inject harmful code, and steal sensitive information or install malware. This method leverages popular repositories for broad impact with minimal effort. [...]

RaspAP Vulnerability Allows Hackers to Gain Privileges on Raspberry Pi Devices

A critical local privilege escalation vulnerability (CVE-2024-41637) was found in RaspAP, an open-source project for turning Raspberry Pi devices into wireless access points or routers. Rated 9.9 (Critical) on the [...]

Phishing Attack Hits Indian Mobile Users via India Post Scams

Indian iPhone users are inundated with SMS phishing scams posing as India Post delivery notifications, aimed at stealing credentials for future scams. Fraudsters Pose as India Post in SMS Phishing [...]

Threat Actors Claim Leak of 250M IOC Data; CrowdStrike Responds

The hacktivist group USDoD claims to have leaked CrowdStrike's "entire threat actor list" and an "entire IOC list" with over 250 million data points. Details of the Alleged Leak: On [...]

July 26th, 2024 | BOTNET, Compromised, Exploitation, Security Advisory, Security Update

Google Chrome Issues Warnings for Malicious Downloads

Google Chrome now has a new download system with alerts for potentially harmful files, enhancing user security. Last year, Google Chrome introduced a revamped downloads interface on desktops, making it [...]

Jellyfish Loader Malware Discovered, Poses Threat to 2024 Olympics

A new threat, Jellyfish Loader, has been identified as a .NET-based shellcode downloader disguised as a Windows shortcut. Despite its unusual features suggesting it may still be in development, it [...]

Alert: Krampus Loader Gaining Popularity on the Dark Web

"Krampus," a new malware loader, is gaining popularity on the dark web, according to MonThreat on X (formerly Twitter). What is Krampus Loader Krampus Loader is a type of malware [...]

Watch Out for Malicious Python Packages That Steal Sensitive Data

Malicious Python packages uploaded by "dsfsdfds" to PyPI stole sensitive data from user systems and sent it to a Telegram bot likely associated with Iraqi cybercriminals. Active since 2022, the [...]

July 24th, 2024 | BOTNET, Compromised, Exploitation, Security Advisory, Security Update

Attackers Exploit Swap File to Steal Credit Card Information

Researchers at Sucuri recently discovered that website swap files can be exploited to install a persistent credit card skimmer on Magento e-commerce platforms. Swap files, which store overflow data from [...]

Flaw in Cisco VPN routers enables remote code execution by attackers

Cisco disclosed a significant flaw in the upload module of RV340 and RV345 VPN routers, allowing remote, authenticated attackers to run arbitrary code. Tracked as CVE-2024-20416 with a CVSS score [...]

Watch out for fake browser updates installing malicious BOINC software.

Since July 4, 2024, SocGholish (FakeUpdates) has shown new behavior. The infection chain starts with a compromised website prompting a fake browser update. Downloading the update triggers malicious code that [...]

SonicOS IPSec VPN Vulnerability Allows Attackers to Cause DoS Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in SonicOS IPSec VPN, identified as CVE-2024-40764, which can allow remote attackers to cause a DoS condition. The vulnerability has a [...]

BadPack Malware for Android Infects APK Installers

New research reveals a novel approach to hiding malware in APK installers. Adversaries manipulate the file header to circumvent protection and make analysis much more difficult. The peak usage of [...]

By | July 21st, 2024|Android malware, BOTNET, Compromised, Malware, Tips|0 Comments

Hackers Claim Dettol Data Breach Affects 453,646 Users

Threat actor ‘Hana’ claims to have breached Dettol India, affecting 453,646 users, according to a FalconFeedsio post on X. Dettol Data Breach: The post reveals that the breach exposed user [...]

CrowdStrike Update Leads to Widespread Windows BSOD Crashes

A recent CrowdStrike update has caused widespread Blue Screen of Death (BSOD) errors on Windows machines. The issue affects multiple versions of the company’s sensor software, prompting an urgent investigation [...]

By | July 19th, 2024|Internet Security, Security Advisory, Security Update, windows|0 Comments

New TE.0 HTTP Request Smuggling Vulnerability Affects Google Cloud Websites

HTTP Request Smuggling exploits differences in how web servers and intermediaries handle HTTP request sequences. Attackers craft malicious requests to manipulate the processing order, potentially leading to unauthorized access, security [...]

ShadowRoot Ransomware Targets Businesses with Weaponized PDFs

X-Labs identified ransomware targeting Turkish businesses through PDF attachments in emails from the internet[.]ru domain. These PDFs contain links that download exe payloads, encrypting files with the ".shadowroot" extension. This [...]

By | July 17th, 2024|Ransomware, Security Advisory, Security Update, Tips|0 Comments

Poco RAT uses 7zip files via Google Drive for attacks

In early 2024, Cofense researchers discovered Poco RAT, a malware specifically targeting Spanish-speaking individuals in the mining industry. It spreads through Google Drive-hosted 7zip archives, effectively masking its malicious activities. [...]

HardBit Ransomware Evades Detection with Passphrase Protection

In 2022, HardBit Ransomware 4.0 emerged, differing from typical groups by avoiding leak sites and double extortion. Their tactics include data theft, encryption, and ransom demands with additional threats. Cybereason [...]

By | July 17th, 2024|Ransomware, Security Advisory, Security Update, Tips|0 Comments

Pinterest Data Leak: Hackers Claim Access to 60M Records

Pinterest, with over 518 million users, faces a potential data leak. Hacker "Tchao1337" claims to have leaked 60 million rows of user data on a forum. The 1.59 GB database [...]

Juniper Junos Flaw Allows Full ‘Root’ Access to Attackers

Hackers target Juniper Junos due to its extensive use in business networking, making it a prime target for accessing valuable systems. Its prominence in large organizations means successful breaches can [...]

FishXProxy amplifies phishing attacks with cunning and deceptive tactics

Imagine receiving an email that appears completely legitimate. This is the deceptive capability of the new FishXProxy Phishing Kit, an advanced toolkit emerging from underground cybercrime circles. FishXProxy bypasses traditional [...]

Hackers Using ClickFix Tactics to Deploy Malware

McAfee Labs researchers have identified a sophisticated malware delivery method, "ClickFix," using advanced social engineering to trick users into executing malicious scripts, leading to severe security breaches. This article explores [...]

Microsoft Patches 3 Critical Vulnerabilities in July Update

Microsoft's July security update addresses 142 vulnerabilities, including one already being exploited. This update is part of Microsoft's regular "Patch Tuesday" release. MICROSOFT FIXES 3 CRITICAL FLAWS IN PATCH TUESDAY [...]

Chinese APT40 Exploits New Vulnerabilities Within Hours

International cybersecurity agencies have issued a warning about APT40, a PRC state-sponsored cyber group linked to the Ministry of State Security. Based in Hainan Province, APT40 has targeted global organizations, [...]

By | July 10th, 2024|Security Advisory, Security Update, Tips, vulnerability|0 Comments

Eldorado Ransomware Targets Windows and Linux Systems

Ransomware-as-a-service (RaaS) has evolved into a sophisticated, enterprise-like model. From 2022 to 2023, ransomware ads on the dark web increased by 50%, with 27 identified ads. The RAMP forum became [...]

Jenkins Script Console used for cryptocurrency mining attacks by hackers

Researchers discovered that attackers can exploit improperly configured Jenkins Script Console for criminal activities like cryptocurrency mining. "Misconfigurations, such as weak authentication settings, expose the '/script' endpoint," noted Trend Micro's [...]

Ghostscript Rendering Platform Flaw Enables Remote Code Execution

A critical vulnerability, CVE-2024-29510, has been discovered in the Ghostscript rendering platform. This format string flaw affects versions up to 10.03.0, allowing attackers to bypass the -dSAFER sandbox and execute [...]

By | July 9th, 2024|RCE Flaw, Security Advisory, Security Update, vulnerability|0 Comments

Info-Stealing Malware Posing as Accessibility Tools and Chrome Extensions

The first half of 2024 has witnessed a notable surge in info-stealing malware masquerading as AI tools and Chrome extensions. This trend underscores cybercriminals' growing sophistication and adaptability, leveraging emerging [...]

Orcinius Trojan Targets Users Through Dropbox & Google Docs

A new multi-stage trojan, "Orcinius," exploits Dropbox and Google Docs. It starts with an Excel spreadsheet containing a 'VBA stomping' macro. When executed, this macro hooks into Windows, enabling the [...]

ScreenConnect Remote Access Client Exploited by Hackers to Deploy AsyncRAT

eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated campaign in which threat actors exploit the ScreenConnect remote access client to deliver the AsyncRAT trojan, revealing the evolving tactics of [...]

Hackers Exploit Twilio API to Verify MFA Phone Numbers

A vulnerability in an unauthenticated endpoint allowed threat actors to identify phone numbers associated with Authy accounts. The endpoint has since been secured to prevent unauthorized access. Although there is [...]

FakeBat Malware Targets AnyDesk, Zoom, Teams & Chrome

Hackers are targeting and weaponizing AnyDesk, Zoom, Teams, and Chrome due to their widespread use across multiple sectors, providing access to sensitive information. Cybersecurity researchers at Sekoia have identified FakeBat [...]

RegreSSHion OpenSSH Vulnerability Enables RCE

A newly discovered OpenSSH vulnerability, dubbed regreSSHion, allows remote attackers to gain root privileges on Linux systems using the glibc library. This flaw lets unauthenticated attackers execute arbitrary code and [...]

CapraRAT Mimics Popular Apps to Attack Android Users

Transparent Tribe (aka APT36), active since 2016, uses social engineering to target Indian government and military personnel. Recently, their CapraRAT has been mimicking popular Android apps to attack Android users, [...]

Google Offers $250,000 for Full VM Escape Zero-Day Vulnerability

Google has launched kvmCTF, a new vulnerability reward program targeting the Kernel-based Virtual Machine (KVM) hypervisor. Announced in October 2023, this initiative underscores Google's commitment to securing key technologies like [...]

Malware Spreading via Binance Smart Contracts Blockchain

Cybercriminals are exploiting Binance smart contracts as intermediary C2 servers, favoring them due to their resilience against takedowns. Initially used for deploying infostealers, these smart contracts have potential applications for [...]

New GrimResource Attack Technique Exploits MMC and DLL Flaw

A new malicious code execution technique, GrimResource, targets Microsoft Management Console. Attackers exploit an old cross-site scripting vulnerability to bypass defenses and deploy malware to endpoints. GrimResource Attack Technique: On [...]

Critical OpenSSH Flaw Puts Millions of Linux Servers at Risk

A critical vulnerability in OpenSSH, affecting versions 8.5p1 to 9.7p1, has been discovered, potentially exposing millions of Linux systems to arbitrary code execution attacks. This flaw in the sshd(8) component [...]

Beware of the “TRANSLATEXT” Chrome Extension from North Korean Hackers

Hackers exploit Chrome extensions to embed malware, gather personal data, display pop-ups, change URLs, and manipulate the browser. Zscaler ThreatLabz detected new activity by Kimsuky, a North Korean state-sponsored APT [...]

Xeno RAT is actively targeting users via GitHub repositories and .gg domains

Threat actors leverage RATs for sustained access to compromised systems, facilitating prolonged espionage and exploitation. North Korean hackers and other threat actors targeting the gaming community are distributing XenoRAT via [...]

PoC Released for SQL Injection in Fortra FileCatalyst

A PoC exploit for the SQL Injection vulnerability CVE-2024-5276 in Fortra FileCatalyst Workflow has been released, affecting versions up to 5.1.6 Build 135. CVE-2024-5276: The SQL Injection vulnerability, discovered on [...]

Critical Vulnerability in MOVEit Transfer Allowed Hackers to Access Files

A critical vulnerability, CVE-2024-5806, in MOVEit Transfer software poses severe risks to organizations relying on it for secure data transfers. This flaw, found in versions 2023.0.0 to 2023.0.10, 2023.1.0 to [...]

Threat Actor Claims Zero-Day Sandbox Escape and RCE in Chrome Browser

A threat actor has publicly claimed a zero-day vulnerability in the widely-used Google Chrome browser. The account MonThreat, known for credible cybersecurity disclosures, made this claim via a tweet. All [...]

Linux LPE Zero-Day Exploit via GRUB Bootloader

A new threat actor has surfaced, claiming a zero-day vulnerability in the Linux GRUB bootloader for local privilege escalation (LPE). This has sparked considerable concern in the cybersecurity community, with [...]

SneakyChef and SugarGhost, newly identified RAT malware strains

Talos Intelligence has uncovered a sophisticated cyber campaign orchestrated by the threat actor SneakyChef. This operation utilizes the SugarGh0st RAT and other malware to target government agencies, research institutions, and [...]

Microsoft Power BI Vulnerability Exposes Organizations’ Sensitive Data

A Microsoft Power BI vulnerability allows unauthorized access to sensitive data in reports, affecting tens of thousands of organizations and exposing employee, customer, and confidential information. Attackers can exploit this [...]

New Linux Variant of RansomHub Targets ESXi Systems

Hackers frequently target ESXi systems due to their extensive use in managing enterprise virtualized infrastructure, making them attractive targets. Exploiting security flaws in ESXi, threat actors can deploy ransomware and [...]

New Security Flaw Enables Access to Microsoft Corporate Email Accounts

A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by researcher Vsevolod Kokorin (Slonser), the bug remains unpatched by Microsoft. Kokorin revealed the [...]

Hackers Use Progressive Web Apps to Steal Passwords

Hackers are increasingly exploiting Progressive Web Apps (PWAs) for sophisticated phishing attacks to steal user credentials, as highlighted by security researcher mr.d0x. PWAs, built using HTML, CSS, and JavaScript, offer [...]

Hackers Use Windows Installer (MSI) Files to Spread Malware

Cybersecurity researchers have uncovered a sophisticated malware campaign by the Void Arachne group, targeting Chinese-speaking users with malicious Windows Installer (MSI) files. Void Arachne targets Chinese-speaking users using SEO poisoning [...]

Chrome Security Update: Fixes for Six Vulnerabilities

Google has released a new Chrome browser update, version 126.0.6478.114/115 for Windows and Mac, and 126.0.6478.114 for Linux. This update, rolling out over the coming days and weeks, addresses multiple [...]

Hackers are using new techniques to target Docker API

The Spinning YARN attackers have initiated a fresh cryptojacking campaign, focusing on publicly exposed Docker Engine hosts. They utilize new binaries like chkstart for remote access with payload execution, exeremo [...]

Hidden Backdoor in D-Link Routers Lets Attackers Log in as Admin

A critical vulnerability in several D-Link wireless router models allows unauthenticated attackers to gain administrative access. The CVE-2024-6045 vulnerability has a high severity CVSS score of 8.8. All about the [...]

Lumma Stealer Spreads Through Fake Browser Updates Using ClearFake

Recent research uncovered websites deploying Lumma Stealer disguised as browser updates. These sites, posing as tutorial pages with legitimate-looking guides, open a malicious JS iframe using the ClearFake framework. Some [...]

Microsoft Patches Critical MSMQ Flaw

On Patch Tuesday, June 11, 2024, Microsoft fixed numerous flaws, including a remote code execution vulnerability in Microsoft Message Queuing (MSMQ) affecting various Windows and Windows Server versions, even those [...]

By | June 14th, 2024|BOTNET, Exploitation, Microsoft, vulnerability|0 Comments

Beware: WARMCOOKIE Backdoor Knocking at Your Inbox

WARMCOOKIE is a new Windows backdoor delivered via a phishing campaign called REF6127. It can take screenshots, deliver additional payloads, and fingerprint systems. "This malware is a serious threat, enabling [...]

0-Day Vulnerability in 10,000 Web Apps Exploited with XSS Payloads

A significant vulnerability, CVE-2024-37629, has been discovered in SummerNote 0.8.18, allowing Cross-Site Scripting (XSS) via the Code View function. Summernote is a JavaScript library for creating WYSIWYG editors online. An [...]

Hackers Exploit Linux SSH Services to Deploy Malware

SSH and RDP provide remote server access (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if strong passwords and access controls are not used. Attackers [...]

Critical Flaw in Apple Ecosystems Allows Unauthorized Access

Hackers target Apple due to its large user base and wealthy customers, including business people and managers with important information. Despite strong security measures, Apple remains a target because valuable [...]

SSLoad Malware Utilizes MSI Installer to Initiate Delivery Chain

Malware distributors exploit MSI installers because Windows OS inherently trusts them to run with administrative rights, bypassing security controls. This makes MSI files a convenient method for disseminating ransomware, spyware, [...]

Biometric Terminal Exposed to QR Code SQL Injection Vulnerability

A popular ZKTeco biometric terminal has critical vulnerabilities, including an SQL injection flaw via QR codes. This discovery raises serious concerns about the security of widely used biometric access control [...]

EmailGPT Vulnerability Exposes Sensitive Data to Attackers

A new prompt injection vulnerability, CVE-2024-5184, has been found in EmailGPT, the service and Chrome plugin that assists Gmail users in composing emails with OpenAI's GPT model. This vulnerability allows [...]

PoC Exploit Released for Veeam Authentication Bypass Flaw

A PoC exploit has been released for the critical Veeam Backup Enterprise Manager authentication bypass vulnerability, CVE-2024-29849, with a CVSS score of 9.8. This article explores the vulnerability, exploit, and [...]

Muhstik Malware Attacks Apache RocketMQ for Remote Code Execution

Apache RocketMQ, a widely used messaging system for handling high volumes of data and critical operations, often attracts hackers. Exploiting RocketMQ vulnerabilities allows attackers to disrupt communications, access sensitive information, [...]

Fog Ransomware Targets Windows Servers Admins for RDP Logins

The new 'Fog' ransomware targets US education and recreation businesses. Attackers used compromised VPN credentials from two different providers to access victim environments. They employed pass-the-hash attacks on administrator accounts [...]

Cisco Webex Meetings Flaw Enables Unauthorized Access

Cisco disclosed a major security vulnerability in its Webex Meetings platform, affecting some customers in its Frankfurt data center since early May 2024. The vulnerability in Cisco Webex Meetings, found [...]

Caution: Phishing Emails Urging Execution via Paste (CTRL+V)

Phishing attackers distribute email attachments containing malicious HTML files designed to trick users into running code by prompting them to paste and execute it, leveraging social engineering. A phishing [...]

Security Vulnerability in Zyxel NAS Devices Enables Remote System Takeover

Zyxel has identified and released security patches for critical vulnerabilities affecting their NAS326 and NAS542 devices. These vulnerabilities, known as command injection and remote code execution, could allow attackers to [...]

Hackers Use Cracked MS Office Versions to Deliver Malware

In South Korea, attackers distribute malware disguised as cracked software, including RATs and crypto miners, and register themselves with the Task Scheduler for persistence. Even after initial removal, the Task [...]

FlyingYeti Uses WinRAR Flaw for Malware Attacks

Since Russia's invasion of Ukraine on February 24, 2022, tensions have been high globally. Following the invasion, Ukraine imposed a moratorium on utility service evictions and terminations for unpaid debt, [...]

Citrix Workspace App Lets Attackers Elevate Privileges from User to Root

A critical vulnerability in the Citrix Workspace app for Mac, tracked as CVE-2024-5027, could allow attackers to elevate privileges from a local authenticated user to root. This poses a significant [...]

Cybercriminals are Using Microsoft Office Documents to Spread Malware in Business Environments

Microsoft Office provides tools for creating professional reports, college essays, CVs, and notes on Office 365. It offers text and data editing features, including macros and Python scripting in Excel, [...]

Foxit PDF Reader and Editor Flaw Enables Privilege Escalation

A new privilege escalation vulnerability (CVE-2024-29072, severity 8.2 High) has been discovered in multiple versions of Foxit PDF Reader for Windows. Foxit has fixed the issue and published a security [...]

New Embargo Ransomware Discovered, Potential ALPHV Rebirth

A new ransomware strain called Embargo, written in Rust, has surfaced with its Darknet infrastructure. Using double extortion tactics, it resembles the recently seized ALPHV group. The novice gang already [...]

TP-Link Archer C5400X Router Flaw Allows Remote Hacking

Hackers frequently target routers, the gateways connecting devices and networks to the internet, because they are often neglected for security updates. Cybersecurity researchers at OneKey recently discovered a flaw in [...]

Hackers Can Exploit Apple’s Wi-Fi Positioning System to Track Users Globally

A recent study by University of Maryland security researchers revealed a major privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS). This flaw allows hackers to globally track Wi-Fi access points [...]

PoC Exploit Out for Critical Git RCE Vulnerability

A critical vulnerability in Git, known as CVE-2024-32002, has recently emerged, posing substantial risks to users of this popular version control system. This vulnerability facilitates remote code execution (RCE) during [...]

GHOSTENGINE Malware Exploits Drivers to Terminate EDR Agents

Researchers discovered REF4578, an intrusion set that exploits vulnerable drivers to disable EDRs for crypto mining and deploys the GHOSTENGINE malware. GHOSTENGINE manages the machine’s modules, primarily using HTTP to [...]

Microsoft Reveals New Windows 11 Features for Enhanced Security

Microsoft is focusing on security in Windows, introducing Secured-Core PCs against hardware-to-cloud attacks and expanding passwordless options with passkeys for better identity protection. Passkeys are safeguarded by Windows [...]

Zabbix SQL Injection Vulnerability Leads to Remote Code Execution

Zabbix, a widely used network monitoring tool in corporate IT infrastructure globally, is susceptible to SQL injection attacks. The vulnerability, identified as CVE-2024-22120, affects all versions from 6.0 onwards and [...]

Recent Linux Backdoor Targets Linux Users

Recently, cybersecurity researchers at Symantec uncovered a fresh Linux backdoor actively targeting users through installation packages. All about the Linux backdoor: Symantec revealed a new Linux backdoor dubbed Linux.Gomir, attributed to [...]

Apple Safari Zero-Day Flaw Exploited at Pwn2Own: Urgent Patch Required

Apple has rolled out security updates to tackle a zero-day vulnerability in its Safari web browser, exploited during this year's Pwn2Own Vancouver hacking contest. Known as CVE-2024-27834, this issue has [...]

Wireshark 4.2.5 Release: What’s New!

Wireshark, the leading network protocol analyzer, has just released version 4.2.5, introducing numerous new features and enhancements. This update aims to elevate user experience and offer more robust tools for [...]

Millions of IoT Devices Vulnerable to Attacks, Posing Risk of Full Takeover

Researchers have uncovered four significant vulnerabilities in the ThroughTek Kalay Platform, utilized by 100 million IoT-enabled devices. ThroughTek Kalay's widespread influence underscores the need to safeguard homes, businesses, and integrators. [...]

New Google Chrome Zero-day Being Exploited in the Wild—Patch Immediately!

Google has released a critical security update for its Chrome browser upon uncovering a zero-day vulnerability actively exploited by attackers. Tracked as CVE-2024-4761, the flaw impacts the V8 JavaScript engine, [...]

Hackers Utilize Word Files to Distribute DanaBot Malware

Recent email campaigns distribute DanaBot malware through two document types: those exploiting equation editor and those with external links. Attackers send emails disguised as job applications with a malicious Word [...]

iTunes for Windows Vulnerability Enables Malicious Code Execution

iTunes has an arbitrary code execution vulnerability, potentially enabling attackers to execute malicious code. Apple has issued a security advisory to address this. The company stated it won't discuss or [...]

Proof-of-Concept (PoC) Released for Critical PuTTY Private Key Recovery Vulnerability

Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet client. The flaw, CVE-2024-31497, permits attackers to recover private keys [...]

Microsoft Edge Zero-Day Exploit Detected in Live Attacks

A zero-day vulnerability in Microsoft Edge, identified as CVE-2024-4671, has been actively exploited by malicious organizations, as reported. This security flaw originates from the Chromium engine, which powers the browser. [...]

Critical Cacti Vulnerability Enables Remote Code Execution by Attackers

Cacti, a widely used network monitoring tool, has released a critical security update addressing various vulnerabilities, notably CVE-2024-25641, rated with a high severity score of 9.1 on the CVSS scale, [...]

New F5 Next-Gen Manager Vulnerability Enables Attackers to Obtain Full Admin Control

Two critical vulnerabilities in F5 Next-Gen Big IP have been uncovered, enabling threat actors to attain full administrative control of the device and establish accounts on any F5 assets. These [...]

Dell Breached: Attackers Acquire Personal Information of 49 Million Customers

Dell Technologies recently disclosed a data breach involving a company portal containing limited customer information related to purchases, exposing names, physical addresses, and detailed order information such as service tags, [...]

CrushFTP vulnerability exploited in the wild to execute remote code

A critical vulnerability, CVE-2024-4040, has been actively exploited in the wild in CrushFTP. This flaw permits attackers to execute unauthenticated remote code on vulnerable servers. Versions of CrushFTP prior to [...]

Cyber attackers use weaponized shortcut files to distribute CHM malware

Hackers exploit weaponized shortcut files because they can execute malicious code without targeting specific users. Given their widespread usage and familiarity, shortcut files offer an effective platform for deploying malware. [...]

MorLock Ransomware Targets Organizations, Stealing Business Data

The MorLock ransomware group has escalated its assaults on Russian businesses, resulting in disruptions and financial setbacks. Identified at the start of 2024, this group has already infiltrated nine medium [...]

XSS Vulnerability in Yoast SEO Plugin Endangers Over 5 Million WordPress Websites

Security researcher Bassem Essam uncovered a critical cross-site scripting (XSS) vulnerability in the widely-used Yoast SEO WordPress plugin, potentially jeopardizing over 5 million websites. XSS Vulnerability in Yoast SEO Plugin [...]

Trend Micro Antivirus One Allowed Malicious Code Injection by Attackers

A major update for Trend Micro's Antivirus One software has been launched. This update tackles a critical vulnerability that could have allowed attackers to inject malicious code. The vulnerability, named [...]

MITRE Exposes Chinese Hackers’ Employment of ROOTROT Webshell in Network Breach

The MITRE Corporation, a non-profit organization managing research and development centers for the U.S. government, has revealed a recent infiltration by sophisticated nation-state hackers into one of its internal research [...]

By | May 7th, 2024|BOTNET, Compromised, malicious cyber actors, Tips, vulnerability|0 Comments

A novel Cuckoo malware strain is targeting macOS users

Researchers have unveiled a new malware strain named "Cuckoo," combining features of spyware and infostealers, designed to target both Intel and ARM-based Macs, employing advanced methods to extract sensitive data. [...]

ShadowSyndicate hackers exploit Aiohttp vulnerability for sensitive data theft

A directory traversal vulnerability (CVE-2024-23334) in aiohttp versions before 3.9.2 permits remote attackers to access sensitive files on the server by bypassing file reading validation within the root directory when [...]

ArubaOS Critical Vulnerability Allows Remote Code Execution by Attackers

Multiple vulnerabilities in ArubaOS affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. These vulnerabilities involve Unauthenticated Buffer Overflow (CVE-2024-26305, [...]

‘Cuttlefish’ Zero-Click Malware Pilfers Private Cloud Data

Cuttlefish is a recently discovered malware platform that has been active since at least July 2023. It specifically targets networking equipment such as enterprise-grade small office/home office routers. The latest [...]

Gemini 1.5 Pro: Your Exclusive New AI Malware Analyst

Gemini 1.5 Pro represents the latest iteration of the Gemini AI malware analysis platform, poised to revolutionize the cybersecurity landscape. Boasting innovative features, it empowers security teams to detect, investigate, [...]

New Android Malware Mimics Social Media Apps to Steal Sensitive Data

A new RAT malware targeting Android devices has been discovered, capable of executing more commands than other RAT malware. It can also conduct phishing attacks by masquerading as legitimate [...]

Darkgate Malware Utilizes Autohotkey to Track Teams

Researchers have discovered a new infection chain linked to the DarkGate malware. This Remote Access Trojan (RAT), created with Borland Delphi, has been advertised as a Malware-as-a-Service (MaaS) product on [...]

LightSpy Malware Targets MacOS Devices

BlackBerry initially reported a new iOS LightSpy malware, but Huntress researchers discovered a macOS variant targeting Intel devices or Apple Silicon devices with Rosetta 2 enabled. This led to media [...]

New Android Trojan executes malicious commands on your phone

XLab researchers uncover "Wpeeper," a new Android malware infiltrating systems to execute various malicious commands, posing a serious threat to users. All about the new Android trojan: Wpeeper's distribution is [...]

Grafana Tool Vulnerability Enables SQL Injection by Attackers

A severe SQL injection vulnerability has been discovered in Grafana, a popular open-source platform extensively used for monitoring and observability. This flaw enables attackers with valid user credentials to execute [...]

PlugX USB Worm Infects Over 2.5 Million Devices

A new threat has surfaced, impacting millions of devices globally. The PlugX USB worm, a sophisticated malware, has infected over 2.5 million devices, posing a significant cybersecurity threat worldwide. The [...]

SSLoad Malware Combined with Tools Hijacks Entire Network Domain

The FROZEN#SHADOW attack campaign employs SSLoad malware alongside Cobalt Strike Implants to seize control of the entire network. Additionally, threat actors utilize Remote Monitoring and Management (RMM) software like ScreenConnect [...]

Cactus Ransomware Exploits Vulnerability in Qlik Servers

Since November 2023, the Cactus ransomware gang has been exploiting vulnerable Qlik Sense servers, leveraging multiple vulnerabilities including CVE-2023-41266 (Path Traversal), CVE-2023-41265 (HTTP Request Tunneling), and CVE-2023-48365 (Unauthenticated Remote Code [...]

Hackers exploit Autodesk Drive to host weaponized PDF files

Autodesk Drive serves as a cloud-based data-sharing platform for organizations, facilitating document and file sharing. It accommodates various file formats, including 2D and 3D data files such as PDFs, accessible [...]

GuptiMiner Exploits eScan to Distribute Miners and Backdoors

Avast researchers recently uncovered GuptiMiner, an old malware strain. It leverages the eScan antivirus update system to surreptitiously implant backdoors and cryptocurrency mining software into users’ computers and extensive corporate networks. [...]

By | April 25th, 2024|BOTNET, Compromised, Exploitation, IOC's, malicious cyber actors|0 Comments

CrushFTP Zero-Day Enables Attackers to Gain Complete Server Access

CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0, allowing remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying [...]

Critical Oracle VirtualBox vulnerability now has a PoC exploit released

Oracle VirtualBox had a critical vulnerability (CVE-2024-21111) allowing Privilege Escalation and Arbitrary File Move/Delete, rated 7.8 (High). Oracle promptly patched it and issued a security advisory. Oracle released a security [...]

Watch Out for Weaponized Zip Files Distributing WINELOADER Malware

Russian threat group APT29 targeted German political parties with a new backdoor, WINELOADER, via spear-phishing emails containing malicious links to ZIP files on compromised websites. These ZIP files deployed an [...]

PyPI Package Malware Targets Discord Users for Credential Theft

Hackers frequently exploit PyPI packages to inject malicious code into widely-used Python libraries, seeking vulnerabilities. Recently, FortiGuard Labs cybersecurity researchers uncovered a malicious PyPI package, "discordpy_bypass-1.7," targeting Discord users for [...]

Cerber Linux Ransomware Targets Atlassian Servers

Cybercriminals frequently deploy Linux ransomware in server environments, targeting organizations with critical data for potentially higher payouts. Cado Security Labs' cybersecurity analysts recently examined the Linux version of Cerber ransomware, [...]

Active Directory Security: 5 Critical Vulnerabilities to Monitor

Microsoft’s Active Directory (AD) acts as the backbone of your organization's network, regulating which authorized users may access which sections of the network and its databases. A well-structured AD is crucial for safeguarding the [...]

Tor Browser 13.0: What’s New

Tor Browser 13.0.14 is now available, featuring crucial security enhancements for the widely-used privacy-centric web browser. Tor Browser is a web browser that focuses on privacy and anonymity by routing [...]

Surge in Zero-click Vulnerabilities: The Rise of ‘Mobile NotPetya’

The cybersecurity community warns of the rising threat of a "mobile NotPetya" event, a self-propagating mobile malware outbreak with potentially devastating consequences. This concern is fueled by the significant increase [...]

Hackers Customize LockBit 3.0 Ransomware for Global Organization Attacks

Hackers exploit LockBit 3.0 ransomware for its advanced encryption, successfully locking victims' files for ransom. Its stealthiness aids in unauthorized system access, enhancing deployment chances. Kaspersky Labs' cybersecurity researchers uncovered [...]

Recent SharePoint Method Enables Hackers to Evade Security Measures

Two recently discovered SharePoint techniques empower malicious actors to circumvent conventional security measures and extract sensitive data covertly, evading detection mechanisms. These techniques involve disguising illicit file downloads as innocuous [...]

LightSpy: Malware Threatening Android and iOS Users

A recently discovered malware dubbed LightSpy has been found to target both Android and iOS users. LightSpy, a modular malware implant, is engineered to penetrate mobile devices, posing a substantial [...]

Critical PAN-OS Command Injection Vulnerability Exploited

Palo Alto Networks alerts customers to a critical command injection vulnerability in PAN-OS GlobalProtect feature, scoring the maximum 10/10 on CVSS. Fixes are underway, the company reports. PAN-OS COMMAND INJECTION [...]