NFC Exploited to Steal Funds from ATMs and POS
NFC Technology Abused in Global ATM and POS Fraud Cybercriminals, mainly from Chinese underground networks, are using NFC (Near Field Communication) technology to carry out large-scale fraud at ATMs and [...]
TP-Link Router Vulnerabilities Enable Malicious SQL Execution
Cybersecurity researchers have found critical SQL injection vulnerabilities in four TP-Link router models, which could allow attackers to bypass authentication, execute malicious commands, and potentially take control of the devices. [...]
Impersonated Dev Tools on npm/PyPI Used for Credential Theft
The Socket Threat Research Team has discovered three malicious open-source packages—two on PyPI and one on npm—designed to steal sensitive cryptocurrency data like mnemonic seed phrases and private keys. These [...]
Hackers Leverage Cloudflare for RAT Deployment
Hackers have been using Cloudflare tunnels since February 2024 to host malware and spread remote access trojans like AsyncRAT, according to Sekoia TDR. Complex malware attacks are using phishing emails [...]
Infostealer Malware Surges 84% in Phishing Emails, IBM Warns
A recent report from IBM X-Force reveals that infostealer malware delivered through phishing emails has spiked by 84% week-over-week in 2024. This surge highlights a shift in cyberattack strategies, with [...]
KeyPlug Server Leak Reveals Fortinet Exploits
Cybersecurity researchers recently uncovered a server linked to the KeyPlug malware, used by the threat group RedGolf (also known as APT41). The server was accidentally exposed for less than 24 [...]
AnythingLLM Systems at Risk: Critical Remote Code Execution Vulnerability Discovered
A major security flaw (CVE-2024-13059) was found in the open-source AI tool AnythingLLM. Discovered in February 2025, the bug lets attackers with admin access run harmful code remotely, putting systems [...]
Server-Side Phishing Targets Portals for Logins
Attackers are now using server-side phishing to target employee and member login portals, making it harder to detect and analyze their tactics. Phishing Tactics Are Evolving Recent investigations reveal a [...]
Two Apple Zero-Days Under Active iOS Attack
Apple has released iOS 18.4.1 and iPadOS 18.4.1 to fix two zero-day vulnerabilities that were actively exploited in highly targeted and sophisticated attacks. Vulnerabilities Explained The issues were found in [...]
Critical Chrome Flaw Allowed Data Theft & Unauthorized Access
Google has released an urgent security update for its Chrome browser after two critical vulnerabilities were found, putting users at risk of data theft and unauthorized access. These vulnerabilities, labeled [...]
Key Security Awareness Metrics for CISOs
As companies shift to zero-trust security models, security awareness has become a key line of defense. CISOs now face pressure to show how training programs actually reduce risk. With human [...]
Microsoft Teams File Sharing Down Due to Outage
Many Microsoft Teams users around the world are currently facing issues with file sharing due to an unexpected outage. This disruption is affecting communication and collaboration across businesses, schools, and [...]
VMware ESXi 8.0 Update 3e Now Available for Free
VMware has announced the release of ESXi 8.0 Update 3e, the latest version of its industry-leading hypervisor. The update, released on April 10, 2025, includes several enhancements, important security fixes, [...]
Smishing Attack Targets Toll Road U Users
Cisco Talos researchers have found a major smishing campaign targeting U.S. toll road users. Active since October 2024, the scam tricks people with fake toll payment messages to steal personal [...]
BPFDoor Malware Leverages Reverse Shell for Network Control
A new wave of cyber espionage has highlighted BPFDoor, a stealthy malware used to secretly access and control networks. Trend Micro links BPFDoor to a state-backed APT group called Earth [...]
Stealthy ResolverRAT Employs Advanced In-Memory Execution
A new remote access trojan (RAT) called ResolverRAT is posing a serious threat to businesses around the world. It uses advanced in-memory execution and evasion methods to slip past traditional [...]
Microsoft Adds Antimalware Scan to Exchange & SharePoint Security
Microsoft has added a major security upgrade to Exchange Server and SharePoint Server by integrating them with Windows Antimalware Scan Interface (AMSI). This helps protect these important systems, which are [...]
Critical Dell PowerScale Vulnerabilities Allow Account Takeover
Dell Technologies has released a critical alert about serious flaws in PowerScale OneFS that could let attackers gain control of high-level user accounts. The most dangerous bug, rated 9.8 on [...]
ViperSoftX Malware Hidden in Cracked Software
AhnLab Security Intelligence Center (ASEC) discovered a cyber attack targeting Korean users with ViperSoftX malware. ViperSoftX Malware The attackers, likely Arabic speakers, used cracked software and torrents to spread the [...]
New Email Attack Hits Office 365 Users and Delivers Malware
Cybersecurity experts have found a new phishing attack that steals Office 365 credentials and installs malware, putting many organizations at risk. The attack, discovered by Cofense Phishing Defense Center, uses [...]
Windows Active Directory Flaw Leads to Unauthorized Privilege Escalation
Microsoft has released an urgent patch for a serious security flaw—CVE-2025-29810—affecting Windows Active Directory Domain Services (AD DS). This vulnerability allows attackers to escalate privileges and potentially take full control [...]
Ivanti RCE flaw affects over 5,000 devices
More than 5,000 Ivanti Connect Secure devices remain exposed to a high-risk remote code execution (RCE) vulnerability, CVE-2025-22457, according to data from the Shadowserver Foundation. This flaw, caused by a [...]
CISA Warns of Active CrushFTP Authentication Bypass Exploit
CISA has issued a warning about a critical vulnerability (CVE-2025-31161) in CrushFTP that is being actively exploited. This flaw allows attackers to bypass authentication, putting systems at serious risk. The [...]
Lazarus Hides Malicious npm Code Using Hex Encoding
North Korea’s Lazarus Group has ramped up its Contagious Interview campaign by using new npm packages with hex-encoded strings to evade detection. These packages deliver BeaverTail infostealers and RAT loaders, [...]
NEPTUNE RAT: Windows Malware Steals Passwords from Over 270 Apps
A new cyber threat called Neptune RAT is raising concerns among Windows users, as it targets sensitive data and has advanced malicious features. Researchers at CYFIRMA have analyzed the latest [...]
New spyware tricks Android users for passwords
A new Android spyware app uses a password prompt to prevent uninstallation, making it difficult for users to remove without the installer's password. How the Spyware Works The spyware, which [...]
Oracle Confirms Data Breach, Begins Notifying Clients
Oracle confirmed a data breach affecting its older Gen 1 servers, its second incident in weeks, highlighting legacy system vulnerabilities and data security concerns. Oracle Breach Details Cyber Security News [...]
Qilin Ransomware Attack: Fake ScreenConnect Login for Admin Access
A ransomware attack targeted MSPs via phishing emails, deploying Qilin ransomware across customer environments. Ransomware Attack Targets MSPs via Phishing Campaign Victims of a recent ransomware attack were tricked into [...]
Trinda Malware: Android Attack Replaces Call Numbers
Kaspersky Lab has discovered a new version of the Triada Trojan targeting Android devices. This variant is pre-installed in counterfeit smartphones, often sold at discounted prices through unauthorized online stores. [...]
Cisco AnyConnect VPN Server Vulnerable to DoS Exploits
Cisco has revealed a critical flaw (CVE-2025-20212) in its AnyConnect VPN Server for Meraki MX and Z Series devices, enabling authenticated attackers to cause denial-of-service (DoS). The issue arises from [...]
Phishing Campaign Aims to Steal Investor Login Details
Symantec has discovered a sophisticated phishing campaign targeting Monex Securities (マネックス証券), a leading online securities firm in Japan. Formed through the merger of Monex, Inc. and Nikko Beans, Inc., the [...]
X (Twitter) Data Breach: 400GB Leak Exposes 2.8 Billion Records
A massive 400GB dataset with info from 2.87 billion X (formerly Twitter) users has appeared on hacker forums. Allegedly from January 2025, it's one of the biggest social media leaks [...]
IRS-themed attacks are on the rise, targeting taxpayers’ mobile devices
With the U.S. tax deadline nearing, scammers are ramping up IRS-themed attacks. McAfee Labs reports a rise in mobile scams using fake IRS texts and websites to steal personal and [...]
Critical HP Vulnerability Allows Remote Code Execution and Authentication Bypass
A newly disclosed flaw in HPE’s Insight CMU v8.2, CVE-2024-13804, allows attackers to bypass authentication and execute remote commands, posing a major risk to HPC clusters. All about HP Vulnerability [...]
Earth Alux Hackers Deploy VARGIET Malware to Attack Organizations
Recent cyberattacks by the APT group Earth Alux have exposed the use of advanced malware, including the VARGEIT backdoor, to breach critical industries. Active since 2023, the China-linked group has [...]
BlackSuit Ransomware: Fake Zoom Installer Warning
Cybersecurity analysts have identified a campaign using a fake Zoom installer to spread BlackSuit ransomware on Windows systems. DFIR experts report that attackers are tricking users into downloading malware disguised [...]
Microsoft tool fixes Windows boot issues
Microsoft Introduces "Quick Machine Recovery" to Simplify Boot Issue Fixes Microsoft has introduced Quick Machine Recovery, a new tool designed to automatically detect, diagnose, and resolve critical boot failures in [...]
Mozilla Patches Windows Vulnerability Following Chrome Zero-Day
Mozilla has released an urgent update for Firefox on Windows to fix a critical vulnerability. This follows a similar issue found in Google Chrome, emphasizing the need for quick action. [...]
Tor Browser 14.0.8: Urgent Windows Release
The Tor Project has quickly released an emergency update, Tor Browser 14.0.8, available only for Windows users. It can be downloaded from the Tor Browser download page and the Tor [...]
Detecting Deep Learning Backdoors: The DeBackdoor Approach
Researchers from Qatar Computing Research Institute and Mohamed bin Zayed University developed DeBackdoor, a framework to detect hidden backdoor attacks in deep learning models used in critical systems like self-driving [...]
SHELBY malware: GitHub C2, data theft
Elastic Security Labs has discovered a complex malware campaign, REF8685, targeting Iraq's telecom sector. The campaign uses a new malware family, SHELBY, which exploits GitHub for command-and-control (C2), data exfiltration, [...]
Fake Snow White downloads spread malware to viewers
With no official streaming release for the new Snow White, many users are resorting to piracy, making them vulnerable to cyber threats. Veriti researchers uncovered a campaign where attackers distribute [...]
46 flaws: solar inverters open to attack
Forescout Vedere Labs found 46 vulnerabilities in solar inverters from Sungrow, Growatt, and SMA. Exploiting these flaws could disrupt power grids and compromise user privacy. Over 80% of solar vulnerabilities [...]
Cloudflare: password error, outage
Cloudflare's 1-hour outage, affecting services like R2 storage and Cache Reserve, was caused by a faulty credential rotation in the R2 Gateway service. All about the outage The outage occurred [...]
CrushFTP warns: unauthorized access via HTTP(S)
CrushFTP and Next.js face critical vulnerabilities, raising security concerns. Rapid7 warns these flaws could lead to data breaches and unauthorized access. All about the Vulnerability Next.js Vulnerability (CVE-2025-29927) A critical [...]
Malicious AI tools up 200%, ChatGPT jailbreaks +52%
In 2024, AI-related threats grew as cybercriminals increasingly targeted large language models (LLMs). KELA’s “State of Cybercrime” report found a 94% rise in discussions on exploiting LLMs like ChatGPT, Copilot, [...]
Banking malware hits 248,000 mobile users via social engineering
In 2024, mobile banking malware affected nearly 248,000 users, a 3.6x jump from 69,000 the previous year. The surge was most significant in the year's second half, highlighting growing threats [...]
WordPress plugin vulnerability exposes websites to SQL injection
A critical vulnerability in the popular WordPress plugin GamiPress, identified as CVE-2024-13496, allows unauthenticated SQL injection attacks and carries a high CVSS 3.1 score of 7.5, highlighting its serious risk. [...]
Chinese ‘Web Shell Whisperer’ exploits shells and tunnels for stealthy access
Sygnia uncovered a cyber espionage operation by a China-linked group, “Weaver Ant.” The group targeted a major Asian telecom company, using web shells and tunnels for persistent access and espionage. [...]
A recent update’s code error caused the Outlook Web outage, Microsoft reports
Microsoft experienced a major outage on March 19, 2025, affecting Outlook on the web. The issue was caused by a code error in a recent update, preventing many users from [...]
Dragon RaaS leads crimeware with new attack tactics
Dragon RaaS, a ransomware group blending hacktivism and cybercrime, has become a key player in the “Five Families” syndicate, alongside ThreatSec, GhostSec, Blackforums, and SiegedSec. Emerging in July 2024 as [...]
Zero-Hour Phishing Attacks Increase by 130%
Menlo Security's annual Browser Security Report reveals a 130% increase in zero-hour phishing attacks and growing use of generative AI in cybercrime. The report analyzed over 752,000 browser-based phishing attacks, [...]
New malware uses JPEG files to hide and spread infostealers
A new cyber threat hides malware in JPEG images to steal credentials. Users download seemingly harmless images, which extract sensitive data from browsers, emails, and FTP apps. The malware then [...]
Threat Actors Steal 3.2 Billion Credentials, Infect 23 Million Devices
Flashpoint's 2024 report reveals a sharp rise in cyber threats, with 3.2 billion stolen credentials — a 33% increase from last year — driving ransomware and data breaches. Around 2.1 [...]
VPN Vulnerabilities Emerge as Key Target for Cyber Attacks on Organizations
VPN vulnerabilities have become a major threat to organizations worldwide. Cybercriminals and state-sponsored hackers are increasingly exploiting these flaws to access sensitive networks. Key vulnerabilities like CVE-2018-13379 and CVE-2022-40684 are [...]
Warning: Malware Found in Free Word-to-PDF Converters
The FBI warns that free file conversion tools are being used to spread malware. The FBI’s Denver Field Office calls this scam “rampant,” targeting users looking to convert files like [...]
Millions of RSA keys exposed: major flaws
A recent study revealed a major vulnerability in RSA keys, especially in IoT devices. Researchers found that about 1 in 172 keys share a factor with another, making them vulnerable [...]
Wazuh SIEM vulnerability enables remote code execution
A critical vulnerability, CVE-2025-24016, has been found in the Wazuh SIEM platform, affecting versions 4.4.0 to 4.9.0. Wazuh SIEM vulnerability It allows attackers with API access to remotely execute arbitrary [...]
RansomHub via SocGholish, compromised sites
Threat actors behind SocGholish are now using hacked websites to spread RansomHub ransomware. The attack starts with compromised sites delivering malicious JavaScript to visitors. RansomHub via SocGholish SocGholish, a JavaScript-based [...]
SSRF Vulnerabilities Targeted by 400+ IPs in Coordinated Attack
GreyNoise has reported a coordinated wave of attacks exploiting Server-Side Request Forgery (SSRF) vulnerabilities across various platforms. According to the firm, over 400 IP addresses were identified actively targeting multiple [...]
Juniper Junos OS Vulnerability Exploited, CISA Warns
CISA has warned about a Junos OS vulnerability (CVE-2025-21590) in Juniper Networks. This flaw allows high-privileged local attackers to inject code, risking system compromise. It stems from weak security restrictions [...]
DCRat Malware Uses YouTube for Credential Theft
In 2025, a new wave of DCRat backdoor attacks has emerged, using the Malware-as-a-Service (MaaS) model. Cybercriminals behind this campaign distribute the malware and offer technical support and infrastructure for [...]
PHP XXE Vulnerability Exposes Config Files and Private Keys
A newly discovered XML External Entity (XXE) injection vulnerability in PHP allows attackers to bypass security measures and access sensitive configuration files and private keys. PHP XXE Vulnerability Web security [...]
CISA Warns of Windows Win32 Kernel Vulnerability
CISA has warned about a critical Windows Win32 kernel vulnerability, identified as CVE-2025-24983. This use-after-free flaw in the Win32k component could let authorized attackers gain elevated privileges. It falls under [...]
Android Zygote Flaw Enables Code Execution and Privilege Escalation
A major vulnerability, CVE-2024-31317, has been discovered in Android, allowing attackers to exploit the Zygote process for system-wide code execution and privilege escalation. This flaw affects devices running Android 11 [...]
New Rust Code in Linux Kernel Addresses Memory Bugs
Rust in the Linux kernel enhances memory safety, a key focus in development. Launched in 2021 by Miguel Ojeda, Rust for Linux aims to reduce vulnerabilities in new drivers and [...]
iOS 18.4 Beta 3: New Features
Apple released iOS 18.4 Beta 3 on March 10, 2025, for developers (build number 22E5222f). While no major new features are reported, this update likely focuses on bug fixes and [...]
Critical Flaw in Microsoft’s Time Travel Debugging Tool Hides Attacker Activity
Microsoft’s Time Travel Debugging (TTD) tool, used to record and replay Windows programs, has critical bugs in how it handles CPU instructions, according to Mandiant. These flaws can weaken security [...]
Microsoft Warns Silk Typhoon Hackers Target IT Supply Chain via Cloud
Microsoft says Silk Typhoon is now targeting remote management tools and cloud apps for access, showing a wide and fast exploitation strategy. Since late 2024, Silk Typhoon has been using [...]
LummaStealer Threat Hidden in Fake CAPTCHAs: Silent Installation Alert
Cybersecurity researchers at G DATA have discovered a new malware campaign using fake booking websites to spread LummaStealer malware via fake CAPTCHA prompts. This shift in distribution, found in January [...]
Cisco Webex for BroadWorks Flaw Could Expose User Credentials
Cisco has disclosed a vulnerability in Webex for BroadWorks that could let attackers intercept user credentials and data in certain setups. The issue, tracked as CSCwo20742, affects Release 45.2 on [...]
10,000+ WordPress sites exposed by donation plugin vulnerability
A serious flaw in the popular GiveWP Donation Plugin has put over 10,000 WordPress sites at risk of remote code execution since March 3, 2025. Known as CVE-2025-0912, this bug [...]
Google’s Email Shield hides your real email from apps
Google is developing Shielded Email, a tool that creates disposable email aliases to protect users’ real Gmail addresses when signing up for apps and services, helping to reduce spam. Discovered [...]
Android Phones Unlocked via Cellebrite Zero-Day Exploit
Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where authorities used a zero-day exploit chain from Cellebrite to unlock a student activist's Android phone. Cellebrite Zero-Day Exploit The [...]
Chinese Hackers Exploit Check Point VPN Zero-Day
Chinese hackers exploited a patched Check Point VPN flaw (CVE-2024-24919) to target organizations in Europe, Africa, and the Americas, researchers say. All about the attack The attacks, from June 2024 [...]
Hackers Can Break Into Car Cameras in Minutes by Exploiting Security Flaws
At Black Hat Asia 2025, experts will reveal a major flaw in modern dashcams, showing how hackers can use these devices to steal data and invade privacy. The talk, DriveThru [...]
Pass-the-Cookie attacks bypass MFA, granting full account access
Pass-the-Cookie attacks let hackers bypass MFA using stolen browser cookies, putting corporate accounts at risk across Office 365, Azure, and more. MFA works by verifying users through multiple factors, but [...]
Cisco Nexus Vulnerability Allows Malicious Command Injection
Cisco has released a critical advisory for a command injection vulnerability (CVE-2025-20161) affecting its Nexus 3000 and 9000 Series switches running in standalone NX-OS mode. Cisco Nexus Vulnerability This flaw [...]
The SafetyCore app from Google scans photos on Android devices
Recent reports show Google’s SafetyCore service, which scans content on devices, has been quietly installed on Android 9 and newer devices since October 2024. SafetyCore app The app, named com.google.android.safetycore, [...]
WordPress Plugin Flaw Exposes Millions to Script Injection
A critical flaw in the Essential Addons for Elementor plugin, affecting over 2 million WordPress sites, exposes them to script injection attacks through malicious URL parameters. WordPress Plugin Flaw The [...]
GRUB2 Vulnerabilities Put Millions of Linux Devices at Risk
GRUB2 vulnerabilities expose millions of Linux devices to secure boot bypass and remote code execution. Discovered during a security audit, these flaws impact filesystem parsing, memory management, and network settings. [...]
Updated TgToxic Malware Now Steals Login Credentials
The TgToxic Android malware, first found in July 2022, has been updated to better steal login credentials and financial data. Initially targeting Southeast Asia through phishing and fake apps, it [...]
Linux Systems Under Attack: New Auto-Color Malware Grants Remote Access
Palo Alto Networks researchers have discovered a new Linux malware, "Auto-Color," which poses a serious threat due to its advanced evasion methods and ability to give attackers full remote access [...]
Google Warns of Phishing Attacks on Higher Education Institutions
Google and Mandiant warn of rising phishing attacks on U.S. higher education, exploiting academic schedules and institutional trust since August 2024. All about the attack These phishing attacks, active since [...]
Sliver C2 Server Flaw Enables TCP Hijacking and Data Interception
A critical flaw (CVE-2025-27090) in the Sliver C2 server allows attackers to hijack TCP connections using SSRF, enabling traffic interception and manipulation. Sliver C2 Server Flaw The vulnerability impacts Sliver [...]
Cybercriminals Deploy XLoader Malware Using Eclipse Jarsigner in ZIP Archives
A malware campaign spreading XLoader malware uses DLL side-loading by exploiting a legitimate Eclipse Foundation tool, jarsigner, which is part of the IDE package. The malware is distributed via ZIP [...]
Phishing targets CEOs, CTOs, and top decision-makers
A recent phishing campaign by Hackmosphere exposed vulnerabilities among top decision-makers, like CEOs and CTOs. The study highlights how cybercriminals use social engineering tactics to target high-ranking executives, stressing the [...]
Fake Chrome Update Drops DriverEasy Malware via Dropbox
Researchers discovered that the malware, disguised as a Chrome update, uses Dropbox’s API to steal credentials and is linked to North Korea’s “Contagious Interview” cyber-espionage campaign. Fake Chrome Update Installs [...]
PoC exploit released for vulnerabilities in Ivanti Endpoint Manager
Researchers found four critical Ivanti EPM vulnerabilities allowing unauthenticated attackers to exploit machine credentials for relay attacks. Patched in January 2025 after discovery in October 2024. All about the Ivanti [...]
New LLM Vulnerability Puts AI Models Like ChatGPT at Risk
A newly discovered vulnerability in LLMs like ChatGPT raises concerns about adversarial attacks, where techniques like prompt injection can manipulate outputs or expose sensitive data. All about LLM Vulnerability Prompt [...]
Researchers Seek to Strengthen MITRE ATT&CK Against New Threats
A recent study from the National University of Singapore and NCS Cyber Special Ops R&D examines how to improve the MITRE ATT&CK framework to address evolving cyber threats, based on [...]
Obfuscated .NET sectopRAT mimics a Chrome extension
SectopRAT (Arechclient2) is a highly obfuscated .NET-based Remote Access Trojan (RAT). Researchers recently found it posing as a fake Google Docs Chrome extension, enhancing its stealth and data-theft capabilities. Obfuscated [...]
Malware on WordPress sites lets hackers run remote code
Researchers found malware targeting WordPress sites, using backdoors for remote code execution. The attacks exploit vulnerabilities, highlighting the need for better security. WordPress Vulnerabilities Attackers placed malicious scripts in the [...]
RansomHub Now Targets Windows, ESXi, Linux, and FreeBSD
RansomHub has rapidly emerged as a major cybercrime syndicate in 2024–2025, expanding its arsenal to target Windows, VMware ESXi, Linux, and FreeBSD in global attacks. The group employs advanced evasion [...]
Burp Suite 2025.2 Released with AI Integration
PortSwigger released Burp Suite 2025.2, adding AI integration to the Montoya API for smarter, AI-powered extensions. Bug Fixes and Browser Updates: A bug fix corrects the display of source IP [...]
Chinese APT Group Actively Exploiting New Windows UI 0-Day Vulnerability
ClearSky Cyber Security has identified a UI vulnerability in Microsoft Windows exploited by Mustang Panda, a threat actor linked to Chinese state interests. The flaw manipulates file visibility during RAR [...]
WordPress Plugin Flaw Allowed Hackers to Target 30,000 Websites
A subgroup of Russia’s state-backed hacker group Seashell Blizzard (Sandworm) has ramped up cyberattacks under a campaign called BadPilot. This long-running operation now targets critical infrastructure worldwide, expanding beyond Ukraine [...]
OpenAI Creating Its Own Chip to Cut Nvidia Dependence
OpenAI is advancing its efforts to reduce reliance on Nvidia by developing its first in-house AI chip. The company is finalizing the chip’s design, which will soon be sent to [...]
New York Bans DeepSeek Due to Potential Data Risks
New York Governor Kathy Hochul announced a ban on the use of the China-based AI startup DeepSeek on government devices and networks. The decision comes amid rising concerns over potential [...]
Microsoft Patch Tuesday (Feb 2025): 61 Vulnerabilities, 25 RCE, 3 Zero-Day
Microsoft’s February 2025 Patch Tuesday fixes multiple vulnerabilities, including critical RCE and privilege escalation flaws. Users and organizations should update immediately to stay protected. All about the vulnerability The February [...]
Fortinet Zero-Day Exploited to Hijack Firewall & Gain Super Admin
Fortinet has issued an urgent warning about a critical zero-day vulnerability (CVE-2025-24472) in FortiOS and FortiProxy. The flaw allows remote attackers to bypass authentication and gain super-admin privileges by exploiting [...]
Microsoft SharePoint Connector flaw enables credential theft
A critical SSRF flaw in Microsoft Power Platform’s SharePoint connector let attackers steal credentials and impersonate users across multiple services. The patched vulnerability posed major risks to organizations using SharePoint. [...]
Apple 0-Day Vulnerability Exploited in Highly Sophisticated Attacks
Apple released iOS 18.3.1 and iPadOS 18.3.1 to fix a zero-day vulnerability exploited in targeted attacks by bypassing USB Restricted Mode. This feature blocks unauthorized USB access when a device [...]
Hackers are brute-forcing web login pages of popular firewalls
ShadowServer reports a surge in brute-force attacks on edge device logins, with up to 2.8 million IPs daily, mainly from Brazil, targeting firewalls, VPNs, and IoT systems from major vendors. [...]
New Malware Targets Indian Bank Users for Aadhar, PAN, and PIN Theft
A recent cybersecurity threat in India targets users of various banks with a sophisticated malware campaign. Discovered by the zLabs research team, the campaign includes nearly 900 malware samples aimed [...]
MacOS password-stealing malware is spreading rapidly
MacOS users are seeing a sharp rise in password-stealing malware, spread through fake apps and ads. Leading threats include “Atomic Stealer,” “Poseidon Stealer,” and “Cthulhu Stealer,” each using unique tactics, [...]
Critical IBM Cloud Pak Vulnerabilities Expose Systems to Remote Code Execution
IBM released critical updates for Cloud Pak for Business Automation, fixing vulnerabilities that could expose sensitive data, disrupt operations, or compromise systems. The updates apply to versions 21.0.3 and 24.0.0, [...]
Zero-Day Flaws in Sysinternals Enable DLL Injection on Windows
A zero-day vulnerability in Microsoft Sysinternals tools exposes Windows systems to DLL injection attacks, allowing attackers to execute malicious code and potentially compromise the system. Zero-Day Flaws in Sysinternals Enable [...]
BADBOX Botnet Infects 190,000+ Android Devices
The BADBOX botnet has infected over 192,000 Android devices worldwide, expanding from low-cost brands to major ones like Yandex TVs and Hisense phones, exposing supply chain risks. BADBOX Botnet BADBOX [...]
1-Click RCE Flaw in Voyager PHP Lets Attackers Run Arbitrary Code
A newly found flaw in Voyager PHP, a Laravel management tool, risks RCE on affected servers. Discovered via SonarQube Cloud scans, it lets authenticated users execute code by clicking a [...]
Android Update Fixes Linux Kernel RCE Flaw
On February 3, 2025, Google released the February Android Security Bulletin, fixing 47 vulnerabilities. One major flaw, CVE-2024-53104, in the Linux kernel’s UVC driver, could let attackers execute remote code [...]
Hackers Leverage AWS and Microsoft Azure for Massive Cyber Attacks
Silent Push coined “infrastructure laundering” to describe cybercriminals exploiting cloud services for illegal activities. They rent IPs from AWS and Azure, then link them to criminal sites via CDNs like [...]
Phishing Attack Hijacks X Accounts to Promote Scams
A new phishing campaign is targeting high-profile X (formerly Twitter) accounts. SentinelLABS found that attackers aim to hijack accounts of U.S. political figures, journalists, X employees, and cryptocurrency groups. Hackers [...]
Cybercriminals Use GitHub to Distribute Lumma Stealer
Trend Micro’s Managed XDR team recently uncovered a malware campaign using GitHub’s release infrastructure to spread Lumma Stealer, SectopRAT, Vidar, and Cobeacon malware. This highlights how attackers are using trusted [...]
DeepSeek’s rise fuels more fraud and phishing attacks
DeepSeek, a fast-growing Chinese AI company, has shaken up the industry and caught cybercriminals' attention. After its AI Assistant app became the top free iOS app in January 2025, surpassing [...]
Google blocked 2.28 million malicious apps from the Play Store
Google announced it blocked a record 2.28 million policy-violating apps from the Play Store in 2023. It used advanced machine learning, stricter developer checks, and industry collaborations to fight cyber [...]
New Apple SLAP & FLOP Attacks Can Steal Browser Login Details
Researchers from Georgia Tech and Ruhr University Bochum discovered two new speculative execution attacks, SLAP and FLOP, affecting Apple Silicon chips (M2/A15 and later). These flaws exploit processor optimizations, allowing [...]
Apple Releases Security Update: Patches for iOS Zero-Day and macOS
Apple released security updates for iOS, macOS, and more to address a new zero-day vulnerability, reinforcing its commitment to user safety. Patch updates On January 27, 2025, Apple released critical [...]
Microsoft Introduces Phishing Protection for Teams Chat
Microsoft has introduced a new phishing protection feature for Teams to enhance cybersecurity. The feature alerts users to potential impersonation risks in chats from external domains, a common phishing tactic. [...]
Apache Solr Flaw Grants Attackers Write Access
A new Apache Solr vulnerability, affecting versions 6.6 to 9.7.0, exposes Windows instances to risks of file manipulation and write access due to a Relative Path Traversal flaw. Tracked as [...]
Android Kiosk Tablet Flaw Let Hackers Control AC and Lights
A flaw in Android kiosk tablets at luxury hotels let attackers remotely control room functions, risking guest privacy and security, according to LAC Co., Ltd. researchers. Common in upscale hotels, [...]
Mirai Botnet Launches Record-Breaking 5.6 Tbps DDoS Attack
On October 29, 2024, the Mirai botnet launched a record-breaking DDoS attack, peaking at 5.6 terabits per second. The attack targeted a Cloudflare customer, an ISP in Eastern Asia, making [...]
Best Automated Patch Management Software in 2025
Keeping systems and applications up to date is critical for security and performance in today’s rapidly evolving digital landscape. Automated patch management solutions have become essential for organizations to ensure [...]
Helldown Ransomware Exploits Zyxel Zero-Day Vulnerability
A new ransomware, "Helldown," is exploiting vulnerabilities in Zyxel firewalls to breach corporate networks. Researchers have linked the group to attacks targeting Zyxel devices, especially those using IPSec VPN for [...]
Windows File Explorer Privilege Escalation (CVE-2024-38100) Exploited
A critical Windows File Explorer flaw, CVE-2024-38100, has been exploited, allowing attackers to gain admin-level access through an Elevation of Privilege (EoP) vulnerability. CVE-2024-38100 The flaw in the ShellWindows DCOM [...]
SQL Injection Vulnerability in Microsoft DevBlogs Enables Malicious SQL
A security researcher recently discovered a critical SQL injection vulnerability on Microsoft's DevBlogs site (https://devblogs.microsoft.com), allowing attackers to manipulate the database with malicious SQL queries, threatening platform security and data [...]
FunkSec Ransomware Leads December Attacks, Compromising 85 Victims
FunkSec, a RaaS operator, utilizes artificial intelligence to evolve threat actor strategies. While AI aids in scaling operations and generating ransomware, its sophistication remains limited. FunkSec Ransomware Recycled or fabricated [...]
ChatGPT Crawler Flaw Enables DDoS Attacks on Websites
A critical vulnerability in OpenAI's ChatGPT API allows attackers to launch DDoS attacks on arbitrary websites by exploiting how the API handles HTTP POST requests to the endpoint https://chatgpt[.]com/backend-api/attributions. The [...]
Azure DevOps flaws allow CRLF injection and DNS rebinding attacks
Security researchers have uncovered multiple Azure DevOps vulnerabilities, enabling CRLF injection and DNS rebinding attacks. Discovered by Binary Security during a client engagement, these flaws expose critical risks in the [...]
Apple is offering an Information Security Internship – Apply Now
Apple has announced an exciting Information Security Internship in London, designed for tech-savvy students passionate about starting a career in cybersecurity. This opportunity allows interns to work alongside some of [...]
Pumakit: Advanced Linux Rootkit Targets Critical Infrastructure
A highly sophisticated Linux rootkit, Pumakit, has been identified targeting critical infrastructure sectors like telecommunications, finance, and national security. Discovered by Elastic Security Labs, Pumakit highlights a growing trend of [...]
Microsoft Teams now lets users customize notification banner positions
Microsoft Teams now lets users customize banner notification positions to improve focus and productivity. This feature is available for Public Preview and Microsoft 365 Targeted Release members. Microsoft Teams New [...]
AWS Addresses Security Flaws in WorkSpaces, AppStream 2.0, and DCV
AWS has issued a critical security advisory for vulnerabilities in certain versions of its clients for Amazon WorkSpaces, AppStream 2.0, and NICE DCV, identified as CVE-2025-0500 and CVE-2025-0501. These vulnerabilities [...]
New Tool Launched to Detect Hacking Content on Telegram
A Russian developer, supported by the National Technology Initiative, has launched the Apparatus Sapiens AI module to scan Telegram chats and groups, detecting malicious content swiftly to bolster RuNet security [...]
‘Sneaky 2FA’ Phishing Kit Bypasses Microsoft 365 Authentication
Researchers have discovered "Sneaky 2FA," a phishing kit targeting Microsoft 365 accounts to steal credentials and bypass 2FA codes since October 2024. 'Sneaky 2FA' Phishing Kit The "Sneaky 2FA" phishing [...]
Exploit Enables NTLMv1 Despite Active Directory Limits
Researchers discovered a misconfiguration in on-premise applications that bypasses Active Directory Group Policy meant to disable NTLMv1, effectively rendering it ineffective, according to Silverfort's Dor Segal. NTLM, still widely used [...]
Hackers Exploit YouTube Links and Microsoft 365 Themes to Steal Logins
Cybercriminals are running advanced phishing attacks on Microsoft 365 users using fake URLs that closely resemble real O365 domains, tricking victims into trusting them. All about the attack The attackers [...]
Hackers Exploit Zero-Day in Fortinet Firewalls
Hackers are targeting Fortinet FortiGate firewalls with exposed management interfaces online. Arctic Wolf reports that between November and December 2024, attackers exploited a suspected zero-day vulnerability to gain unauthorized access [...]
Microsoft Alerts Microsoft 365 Users to MFA Issue
Microsoft has warned of an MFA issue affecting some Microsoft 365 users, blocking access to certain applications and disrupting essential operations. Microsoft announced the issue through its official MSFT365 Status [...]
Juniper Networks Flaw Allowed Remote Network Attacks
Juniper Networks disclosed CVE-2025-21598, a critical vulnerability in Junos OS and Junos OS Evolved, allowing remote attackers to exploit an out-of-bounds read in the routing protocol daemon (rpd), causing crashes [...]
LDAP Exploit Delivers Info-Stealing Malware
Cybercriminals are exploiting critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept (PoC) exploits for “LDAPNightmare” (CVE-2024-49113). These fake PoCs, disguised as legitimate tools, trick security researchers and administrators [...]
PriveShield: Advanced Privacy with Profile Isolation
The PRIVESHIELD browser extension automatically creates isolated profiles to group websites based on browsing habits and interactions, blocking cross-site tracking and cookie-matching used for targeted ads. All about PriveShield Evaluation [...]
Chrome Update: Fixes for Multiple Security Flaws
Google has updated Chrome to version 131.0.6778.264/.265 for Windows and Mac, and 131.0.6778.264 for Linux, fixing critical security flaws. The update will roll out gradually, and users are urged to [...]
Hackers breached Argentina’s airport security payroll system
Hackers breached Argentina's Airport Security Police (PSA) payroll system, exposing sensitive employee information. They accessed salary records and altered pay slips, making unauthorized deductions between 2,000 to 5,000 pesos under [...]
WordPress Plugin Exploits Websites to Steal Customer Payment Information
Cybercriminals created PhishWP, a malicious WordPress plugin, to mimic payment gateways like Stripe for phishing attacks on compromised sites. PhishWP integrates with Telegram to steal real-time data, including credit card [...]
Android Security Update Fixes Critical RCE Vulnerabilities
The January 2025 Android Security Bulletin highlights critical vulnerabilities affecting Android devices. Users should update to security patch level 2025-01-05 or later to stay protected. Critical RCE Vulnerabilities The bulletin [...]
WordPress Plugin Flaw Puts 3 Million Sites at Risk of Injection Attacks
A critical vulnerability has been found in the UpdraftPlus: WP Backup & Migration Plugin, affecting over 3 million WordPress sites. This flaw allows unauthenticated attackers to exploit a PHP Object [...]
Critical OpenSSH Vulnerability (CVE-2024-6387) Exploit Released
A PoC exploit for the critical OpenSSH vulnerability CVE-2024-6387 has been released, enabling remote attackers to execute arbitrary code on vulnerable servers, posing serious risks to users. CVE-2024-6387 The vulnerability [...]
Apple Settles Siri Privacy Lawsuit for $95M
Apple has agreed to pay $95 million to settle a class-action lawsuit claiming Siri violated users' privacy by recording conversations without consent. The settlement, filed in federal court in Oakland, [...]
ASUS Vulnerabilities Allow Arbitrary Command Execution
ASUS warns of critical router flaws (CVE-2024-12912, CVE-2024-13062) allowing arbitrary command execution. Users are urged to update their devices immediately. ASUS Vulnerability The vulnerabilities are tied to the router firmware’s [...]
Cyberhaven Chrome Extension Compromised, Potentially Impacting 400,000 Users
Cyberhaven, a cybersecurity company, revealed that its Chrome extension, with over 400,000 users, was targeted in a cyberattack on Christmas Eve 2024. The attack was part of a larger campaign [...]
PoC Exploit Released for Oracle WebLogic Vulnerability
Researchers warn of a public PoC exploit for a critical Oracle WebLogic vulnerability. Oracle WebLogic Vulnerability The flaw, CVE-2024-21182, is a serious risk for organizations using Oracle WebLogic Server, allowing [...]
Microsoft warns of a Windows 11 24H2 issue blocking security updates
Microsoft has warned of an issue affecting Windows 11 version 24H2 that blocks critical security updates. The problem occurs when users install this version using media with the October or [...]
New Botnet exploits D-Link routers for remote control
Researchers observed increased activity from the "FICORA" and "CAPSAICIN" variants, which exploit vulnerabilities in outdated D-Link routers like DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. Attackers use the HNAP protocol to execute [...]
IBM AIX TCP/IP vulnerability allows Denial of Service attacks
IBM has warned of two security flaws (CVE-2024-47102 and CVE-2024-52906) in its AIX operating system that could cause systems to crash (denial-of-service attacks). These flaws affect specific parts of AIX [...]
Adobe warns of ColdFusion file-reading vulnerability
Adobe released a critical security update for ColdFusion to address a vulnerability that allows attackers to read arbitrary files. All about the vulnerability - ColdFusion This vulnerability allows attackers to [...]
Araneida Scanner – Hackers Exploit Cracked Acunetix Scanner
Threat analysts report the “Araneida Scanner,” based on a cracked Acunetix version, is used for illegal activities like data scraping and exploiting vulnerabilities. Sold on Telegram, it’s actively used by [...]
Node.js systeminformation Package Enables RCE Attacks
A critical command injection vulnerability in the systeminformation npm package, CVE-2024-56334, exposes millions of systems to RCE and privilege escalation attacks. The flaw affects versions ≤5.23.6 and lies in the [...]
Malicious Amazon Appstore apps record screens and intercept OTPs
The “BMI CalculationVsn” app on the Amazon App Store secretly collects sensitive data, like app package names and SMS messages, posing a privacy risk. Its true intent appears to be [...]
Skuld Malware Exploits Windows Utilities Packages
Researchers uncovered a malware campaign in the npm ecosystem, where “k303903” used fake packages to spread the Skuld info stealer, compromising hundreds of machines before removal. Skuld Malware Analysis shows [...]
BADBOX botnet hacked 74,000 Android devices with remote codes
BADBOX is a cybercriminal operation that infects Android devices, like TV boxes and smartphones, with malware before they are sold. These devices, often sold through trusted retailers, pose a major [...]
Malicious supply chain attacks shift from npm to VSCode Marketplace
Researchers have observed a rise in malicious activity on the VSCode Marketplace, exposing its vulnerability to supply chain attacks similar to those previously seen in the npm community. Malicious actors [...]
Careto: A Notorious Threat Group Targets Windows with Microphone Recording and File Theft
Recent research links The Mask group to a 2022 attack on a Latin American organization, exploiting an MDaemon email server and WorldClient webmail for persistent access. The initial compromise method [...]
New VIPKeyLogger in Office Docs Steals Credentials
VIPKeyLogger, similar to the Snake Keylogger, spreads through phishing campaigns via attachments disguised as archive or Microsoft 365 files. It uses malicious Office documents to connect to C2 servers and [...]
Hackers Exploit Windows Management Console for Backdoor Payloads
The FLUX#CONSOLE campaign exploits .MSC files to deploy backdoor malware, highlighting advanced phishing and Windows feature abuse. The FLUX#CONSOLE campaign is a multi-stage attack aimed at delivering backdoor malware. It [...]
Malicious ads on CAPTCHA pages spread password stealers
Cybercriminals are using fake CAPTCHA pages to spread password-stealing malware. These fake CAPTCHAs, often appearing as pop-ups, trick users into running harmful PowerShell commands through malicious ads, mimicking legitimate verification [...]
Hackers exploit Apache Struts2 flaw to upload malware
Hackers are exploiting a new Apache Struts2 vulnerability (CVE-2024-53677) with a critical CVSS score of 9.5, posing severe risks. Apache Struts2 flaw Apache Struts2 recently announced a vulnerability with path-traversal, [...]
Hackers Exploit Microsoft Teams for Remote System Access
Hackers used Microsoft Teams to trick victims into granting remote system access, showcasing advanced social engineering tactics, according to Trend Micro. All about the attack - Microsoft Teams Exploit The [...]
Dell Security Update Patches Multiple Critical Vulnerabilities
Dell Technologies has issued a security advisory for critical vulnerabilities that could be exploited by attackers. Customers should update their systems to fix two critical CVEs affecting multiple Dell products. [...]
Stealthy Linux Malware PUMAKIT Escalates Privileges
Researchers at Elastic Security Labs discovered PUMAKIT, a Linux malware using stealth and unique privilege escalation to persist on infected systems. PUMAKIT has a multi-stage setup, including a dropper, two [...]
Emoji Exploit Targets iOS Messenger Group Calls
A new vulnerability in Facebook Messenger for iOS could disrupt group calls by exploiting emoji reactions. Discovered by Signal 11 Research in version 472.0.0 and analyzed in version 477.0.0, this [...]
Skoda and Volkswagen car vulnerabilities allow hackers to track users remotely
Researchers have found vulnerabilities in the infotainment systems of some Skoda and Volkswagen cars, which could let hackers track users and access sensitive data remotely. PCAutomotive, an automotive cybersecurity firm, [...]
Microsoft 365 Services Affected: Web Apps and Admin Center Down
Microsoft is investigating a widespread outage that impacted access to Microsoft 365 web apps and the admin center. Users experienced issues connecting to services like Outlook, OneDrive, and other Office [...]
Meeten Malware Targets macOS and Windows to Steal Logins
Realst malware targets Web3 professionals using fake companies like "Meetio" with AI-generated content. Victims are lured into downloading malicious meeting apps during fake video calls. Meeten Malware Realst is a [...]
Microsoft Patch Tuesday : 71 Vulnerabilities Fixed
Microsoft’s final Patch Tuesday of 2024 addresses 71 vulnerabilities, including 16 critical ones and a zero-day. This update highlights Microsoft’s commitment to improving product security and safeguarding users from cyber [...]
Critical Qlik Sense RCE vulnerability discovered
A critical vulnerability in Qlik Sense for Windows may allow remote code execution. It affects all versions up to the May 2024 Patch 9 release. The "High" severity vulnerability in [...]
Cipla Allegedly Hacked, Akira Ransomware Claims 70GB Data Stolen
Cipla, an Indian pharmaceutical company, has reportedly been attacked by the Akira ransomware group. The hackers claim to have stolen 70GB of sensitive data. This breach has raised concerns about [...]
Google Launches Vanir: An open-source tool for validating security patches
Google has launched Vanir, an open-source tool to simplify and automate security patch validation. First previewed at the Android Bootcamp in April, Vanir helps Android developers and OEMs quickly adopt [...]
SonicWall Flaws Enable Remote Code Execution
SonicWall warns of critical flaws in SMA 100 series appliances, enabling remote code execution, authentication bypass, and system compromise. SonicWall advises users to update their SMA 200, 210, 400, 410, [...]
HCL DevOps Deploy & Launch Vulnerable to HTML Injection
A newly discovered vulnerability in HCL Software's DevOps Deploy and Launch platforms, CVE-2024-42195, allows attackers to insert arbitrary HTML tags into the web UI, which could expose sensitive information. CVE-2024-42195 [...]
ChatGPT Next Web Vulnerability Allows SSRF Exploits via Endpoint
Researchers reported CVE-2023-49785, a critical ChatGPT Next Web (NextChat) vulnerability, raising cybersecurity concerns over its SSRF exploitation potential. NextChat is a web interface for large language models (LLMs) like ChatGPT, [...]
ElizaRAT Uses Google, Telegram, & Slack for C2 Communications
APT36, a Pakistani cyber-espionage group, now uses ElizaRAT, a Windows RAT with advanced evasion and C2 features, to target Indian government, diplomats, and military. APT36 uses Windows, Linux, and Android [...]
Hackers Exploit Windows Event Logs for Manipulation and Data Theft
Hackers exploit wevtutil.exe for LOLBAS attacks, enabling command execution, payload downloads, and persistence while bypassing security. wevtutil.exe is a Windows tool for managing event logs, but attackers can misuse it [...]
Apple Safari JavaScriptCore RCE Vulnerability Actively Exploited
CVE-2024-44308, a critical Safari vulnerability, has been actively exploited, impacting iOS, visionOS, and macOS. Affected Software and Versions The CVE-2024-44308 vulnerability impacts several Apple platforms, as summarized below: SoftwareAffected VersionPatched [...]
Amazon GuardDuty Gains AI/ML Threat Detection for Cloud Security
Amazon has improved cloud security with AI/ML threat detection in GuardDuty. This new feature enhances threat detection by using AWS's cloud visibility and scale to better protect applications, workloads, and [...]
HPE IceWall Flaw Enabled Unauthorized Data Changes
HPE has released a security alert about a critical flaw in its IceWall product, CVE-2024-11856, which lets attackers remotely modify data without permission. HPE IceWall Flaw CVE-2024-11856 stems from a [...]
Uniswap Labs Announces $15.5M Bug Bounty
Uniswap Labs has launched a $15.5 million bug bounty to secure its new protocol, Uniswap v4—the largest bounty in DeFi history. Uniswap v4 transforms the protocol into a full developer [...]
Matrix Orchestrates Global DDoS Attack Campaign
Cybersecurity researchers have uncovered a large-scale DDoS campaign attributed to a threat actor known as "Matrix." Despite the actor's low technical skills, the campaign demonstrates how easily accessible tools are [...]
Beware of PixPirate Malware Targeting WhatsApp Users
PixPirate malware is targeting users in Brazil, India, Italy, and Mexico, posing as a fake authentication app to steal banking data. It spreads through Smishing and WhatsApp spam from infected [...]
NVIDIA Vulnerability Enables Data Tampering and Privilege Escalation
NVIDIA has issued a critical security update for a major vulnerability in its Unified Fabric Manager (UFM) products. Identified as CVE-2024-0130, the flaw has a high CVSS v3.1 score of [...]
Exploitation of ProjectSend Authentication Vulnerability Discovered in the Wild
ProjectSend, an open-source file-sharing web app, is actively being exploited after CVE-2024-11680 was assigned on November 25, 2024. Despite a patch being available for over a year, many instances remain [...]
New Stealthy GodLoader Malware Targets Multiple Platforms
GodLoader malware, discovered by Check Point, stealthily infects Windows, macOS, Linux, Android, and iOS, using the Godot Engine to evade antivirus detection. GodLoader Malware GodLoader uses the Godot Engine’s scripting [...]
RomCom Hackers Exploit Windows Zero-Days & Firefox Vulnerability
The Russian-aligned group RomCom exploited two critical zero-day vulnerabilities in Mozilla Firefox and Windows in a sophisticated cyber-espionage campaign, allowing attackers to execute malicious code without user interaction. The first [...]
Huge Credit Card Breach: Database of Over 1.2 Million Cards Found on Dark Web
A major data breach has caused widespread concern, as a database with sensitive financial details of over 1.2 million credit cards was leaked on the dark web. Cybersecurity sources report [...]
Meta has taken down 2 million malicious accounts
Meta has removed over 2 million accounts involved in malicious activities, including complex fraud schemes like "pig butchering." This action is part of Meta’s ongoing efforts to fight criminal networks [...]
Python NodeStealer Targets Facebook Business Accounts for Credential Theft.
The Python-based NodeStealer has evolved, now targeting Facebook Ads Manager budgets, stealing credit card info, and browser credentials. It uses Windows Restart Manager to unlock databases and employs obfuscation techniques [...]
Helldown Ransomware Targets ESXi and Linux
Helldown, a new ransomware group, has been exploiting vulnerabilities to breach networks and compromise victims since August 2024, with 28 breaches reported so far. They have been leaking stolen data [...]
Two Malicious PyPi Packages Mimicking ChatGPT & Claude Steal Developer Data
Two malicious Python packages pretending to be tools for ChatGPT and Claude were found on PyPI, the official Python library repository. They went undetected for over a year, compromising developer [...]
Trend Micro Deep Security Flaw Allows Remote Code Execution
Trend Micro has revealed a critical vulnerability in Deep Security 20 Agent that could allow remote code execution on affected systems. All about the Vulnerability - CVE-2024-51503 The vulnerability, identified [...]
Hackers Exploit Misconfigured Servers to Stream Live Sports
Recent threat analysis examined outbound traffic and binaries in container environments. Researchers, using honeypot data and threat intelligence, flagged unusual network events involving the tool ffmpeg. While not malicious itself, [...]
Apache Kafka Vulnerability Enables Privilege Escalation
A new vulnerability, CVE-2024-31141, was found in Apache Kafka Clients, allowing attackers to escalate privileges and gain unauthorized file access. Rated as Moderate, it affects several versions and is a [...]
Citrix Virtual Apps & Desktops Zero-Day Actively Exploited
A critical unpatched vulnerability has been found in Citrix Virtual Apps and Desktops, now being actively exploited. The flaw, revealed by Watchtowr Labs, poses a significant risk, especially in remote [...]
Zohocorp ADAudit Plus SQL Injection Vulnerability
Zoho released a security update for a critical SQL injection flaw in ADAudit Plus (CVE-2024-49574), fixed in version 8123 on November 8, 2024. The SQL injection vulnerability was found in [...]
CISA Warns of Exploited Palo Alto Networks Vulnerabilities
CISA issued an urgent alert for two Palo Alto Networks vulnerabilities, CVE-2024-9463 and CVE-2024-9465, which are actively being exploited by cybercriminals. These vulnerabilities pose serious risks, especially to federal systems. [...]
Chinese SilkSpecter hackers targeting Black Friday shoppers
Chinese hacker group SilkSpecter launched a phishing campaign targeting Black Friday shoppers in Europe and the USA, using Stripe to steal card data while allowing legitimate transactions. SilkSpecter's Phishing Campaign [...]
4M+ WordPress Sites Vulnerable After Plugin Flaw
Critical flaw found in 'Really Simple Security' WordPress plugin, risking 4M+ sites. CVE-2024-10924 allows potential remote attacks and unauthorized admin access. CVE-2024-10924 The vulnerability impacts versions 9.0.0 to 9.1.1.1 of [...]
Windows 0-Day Exploited with Single Right Click
A recently discovered zero-day vulnerability, CVE-2024-43451, is being actively exploited, targeting Windows systems across multiple versions. Identified by the ClearSky Cyber Security team in June 2024, this vulnerability has been [...]
Google to Issue CVEs for Major Cloud Security Flaws
Google Cloud will start issuing CVEs for critical vulnerabilities in its services, aiming to boost transparency and security. This step highlights Google’s commitment to helping organizations guard against threats and [...]
Critical Flaw Found in Dell SONiC
Dell Technologies has revealed critical vulnerabilities in its Enterprise SONiC OS (versions 4.1.x and 4.2.x), which could allow attackers to take control of affected systems. Users are urged to upgrade [...]
Amazon Confirms Employee Data Breach Through Third-Party Vendor
Amazon confirmed that employee data was exposed due to a breach at a third-party vendor, which exploited a critical vulnerability in MOVEit file transfer software. The CVE-2023-34362 vulnerability, first reported [...]
Hackers Use Google Ads to Distribute Fakebat Malware
Researchers have found that Fakebat malware is again being spread through malicious Google Ads, targeting users searching for popular productivity software. Malwarebytes flagged an ad impersonating the app Notion. The [...]
Roblox Devs Targeted with Malicious npm Packages
Researchers found five malicious npm packages targeting Roblox developers, stealing credentials and personal data. These packages, including autoadv, ro.dll, node-dlls, and two rolimons-api versions, mimic legitimate modules commonly used by [...]
Hackers Use Malicious Excel Files to Deliver Remcos RAT to Windows Users
Hackers exploit Excel documents due to their popularity and built-in vulnerabilities. With VBA macros now blocked by default, they have turned to using “.XLL” files to deliver malware. Hackers Use [...]
Watch Out for Fake Copyright Claims Spreading Rhadamanthys Stealer
CheckPoint security experts recently warned about fake copyright claims spreading Rhadamanthys stealer malware. Stealer malware is designed to infiltrate computers and steal sensitive data. Once installed, it connects to a [...]
Cisco Vulnerability Allowed Attackers to Execute Commands as Root
A critical vulnerability in Cisco Unified Industrial Wireless Software, affecting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points, has been discovered. CVE-2024-20418 Tracked as CVE-2024-20418, this flaw allows unauthenticated remote attackers [...]
ToxicPanda Malware Targets Bank Users
Recent research has identified a new Android malware strain, initially mistaken for TgToxic, now called ToxicPanda. Although it shares some bot command similarities, ToxicPanda’s code diverges significantly, lacking key TgToxic [...]
Threat Actor Leaks Alleged Nokia Source Code
The threat actor known as IntelBroker, along with EnergyWeaponUser, has claimed responsibility for a major data breach involving Nokia’s proprietary source code. This news has shaken the tech industry and [...]
ClickFix Malware Targets GMeet, Zoom Pages
The “ClickFix” tactic exploits fake Google Meet and Zoom pages to deliver advanced malware, mimicking legitimate video conferencing platforms used for business and personal communication. The Sekoia TDR team monitors [...]
Hackers Bypass Endpoints with EDRSandBlast
Palo Alto Networks’ Unit 42 recently found that hackers are using AV and EDR bypass tools from cybercrime forums to evade endpoint security. EDRSandBlast An extortion probe revealed two outdated [...]
Spectre Flaw Persists in AMD, Intel CPUs
Researchers have shown an exploit for the Spectre Flaw, targeting the Indirect Branch Predictor Barrier (IBPB) vulnerability. This issue affects modern AMD and Intel CPUs and may result in data [...]
SYS01 InfoStealer Malware Targets Meta Business Page
The Meta malvertising campaign, active for over a month, spreads SYS01 InfoStealer by disguising it within ElectronJs apps, presented as legitimate tools like video editors, productivity software, and streaming services. [...]
Evasive Panda Targets Cloud Services with New Toolkit to Steal Data
Evasive Panda deployed a new C# tool, CloudScout, in early 2023 to target a Taiwanese government entity. CloudScout uses modules to hijack web sessions, accessing services like Google Drive, Gmail, [...]
Critical Chrome Security Vulnerabilities Fixed
Google has released a Chrome update addressing critical vulnerabilities, safeguarding millions of users. The latest Stable version, 130.0.6723.91/.92, is now rolling out for Windows, Mac, and Linux, with Extended Stable [...]
Hackers Exploit SonicWall VPNs with Fog Ransomware
Recent cyberattacks by Akira and Fog threat actors have targeted multiple industries by exploiting a vulnerability (CVE-2024-40766) in SonicWall SSL VPN devices, using malicious VPN logins from VPS-hosted IP addresses [...]
WrnRAT Delivered as Gambling Games
WrnRAT is a new malware that cybercriminals deploy by disguising it as popular gambling games like Badugi, Go-Stop, and Hold'em. WrnRAT Malware Attackers set up a fake gambling website that [...]
Realtek SD Card Driver Flaw Impacts Laptops
Multiple vulnerabilities in the Realtek SD card reader driver, RtsPer.sys, affect laptops from major brands like Dell and Lenovo. These flaws have existed for years, allowing users to exploit the [...]
Critical Authentication Flaw in WhatsUp Gold Exposes Organizations to Attack
WhatsUp Gold, a popular network monitoring tool, has a critical vulnerability in versions before 2024.0.0, exposing organizations to potential cyber attacks and unauthorized data access. CVE-2024-6670 and CVE-2024-6671 are critical [...]
Cisco ASA SSH Flaw Leaves Devices Vulnerable
Cisco issued a critical advisory for a vulnerability in its Adaptive Security Appliance (ASA) Software that could let remote attackers execute commands with root privileges. The flaw, CVE-2024-20329, affects devices [...]
Roundcube Webmail Vulnerability Exploited in Attacks
Stored XSS vulnerability in Roundcube Webmail is exploited in attacks on ex-USSR government agencies. Researchers identified the attack but cannot determine the perpetrators Roundcube Webmail Vulnerability cybersecurity researchers detected active [...]
GitLab Patches Critical HTML Injection Flaw Allowing XSS Attacks
GitLab released patches (17.5.1, 17.4.3, and 17.3.6) for both Community and Enterprise Editions, fixing a critical HTML injection vulnerability in the Global Search feature that could lead to XSS attacks, [...]
Lazarus APT Hackers Exploit Chrome Zero-Day via Crypto Game
Lazarus APT exploited a Chrome zero-day using a crypto-themed game as bait, showcasing the group’s evolving financial tactics and social engineering. On May 13, 2024, Kaspersky detected a new infection [...]
Critical Vulnerabilities Found in VMware vCenter Server
Broadcom has issued critical security updates for severe vulnerabilities in VMware vCenter Server that allow remote code execution and privilege escalation. The flaws, CVE-2024-38812 and CVE-2024-38813, impact multiple versions of [...]
Callback Phishing Targets Login Credentials via Google Groups
Phishing attacks trick individuals into revealing sensitive info by impersonating trusted entities, often through urgent emails with malicious links or attachments. Trustwave analysts recently warned of Callback Phishing attacks using [...]
Over 10 million personal and corporate devices hit by information stealers
Kaspersky reports nearly 10 million personal and corporate devices were compromised by data-stealing malware in 2023, a 643% rise in three years. Information stealers, which collect sensitive data like login [...]
GHOSTPULSE Malware Leverages PNG Pixel Structure for Evasion
PNG files are popular and widely used on the internet, making them a tempting target for threat actors. They can hide malicious code in these files using techniques like steganography. [...]
Hackers Impersonate ESET to Distribute Wiper Malware
Hackers posed as ESET to spread wiper malware via phishing emails starting October 8, 2024. The emails, claiming to be from “ESET’s Advanced Threat Defense Team,” warned of state-sponsored attacks [...]
Hackers use Bumblebee malware to infiltrate corporate networks
Bumblebee malware has reemerged, threatening corporate networks globally, following its first sighting since Europol’s May 2024 Operation Endgame. Bumblebee malware Bumblebee, first identified by Google's Threat Analysis Group in March [...]
Hackers Reportedly Selling Stolen Data from Cisco
A group of hackers reportedly sells sensitive data stolen from Cisco, allegedly by IntelBroker in collaboration with EnergyWeaponUser and zjj, raising concerns in the tech industry. Breach Details A post [...]
ErrorFather hackers remotely attack and control Android devices
The ErrorFather campaign, a new variant of the Cerberus banking trojan, emerged in September 2024. It uses a multi-stage dropper to spread and has seen a rise in activity, posing [...]
PureLogs, a low-cost infostealer, is targeting Chrome browsers
Infostealer malware, like the recently identified PureLogs, poses significant risks due to its low cost and ease of use, making it accessible to even low-level hackers. PureLogs is a 64-bit [...]
Hackers exploited a zero-day vulnerability in Qualcomm chips, targeting Android users
Hackers exploit a zero-day vulnerability (CVE-2024-43047) in Qualcomm chipsets, risking millions of Android users globally. The flaw stems from memory corruption in DSP Services. Zero-day vulnerability in Qualcomm chips Google’s [...]
Foxit PDF Reader vulnerability allows attackers to execute arbitrary code
Researchers revealed six new vulnerabilities, including a critical one in Foxit PDF Reader that allows arbitrary code execution. Three flaws were also found in Veertu's Anka Build, threatening CI/CD environments [...]
Mozilla warns of a Firefox zero-day vulnerability actively exploited in cyberattacks
A critical use-after-free vulnerability in Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. Mozilla has issued a warning about a critical zero-day vulnerability in Firefox, [...]
CISA warns of active exploitation of Microsoft zero-day vulnerabilities
CISA warns of two critical Microsoft zero-day vulnerabilities, CVE-2024-43572 and CVE-2024-43573, actively exploited in the wild. CVE-2024-43572 The first vulnerability, CVE-2024-43572, affects the Microsoft Windows Management Console, allowing attackers to [...]
Hackers breached the president’s account of a Japanese aerospace company
Hackers infiltrated JAXA, compromising top officials' accounts, including President Hiroshi Yamakawa, in a series of cyberattacks since June 2023. Since mid-2023, JAXA has been hit by four significant cyberattacks. In [...]
LemonDuck malware targets Windows servers by exploiting SMB vulnerabilities
Attackers used the EternalBlue vulnerability to access the observatory farm, create a hidden admin share, and run a malicious batch file named p.bat, which opened firewall ports, set up port [...]
Cacti vulnerability allows attackers to execute remote code
A critical vulnerability in the Cacti network monitoring tool, discovered in version 1.2.28, could allow attackers to execute remote code on affected systems. This flaw is particularly concerning for system [...]
CVE-2024-30052: RCE vulnerability in Visual Studio via dump files
A researcher identified a method to exploit Visual Studio by executing arbitrary code during the debugging of managed dump files, without needing memory corruption or specific PDB file components. By [...]
WarmCookie malware spreads via fake update campaign in France
FakeUpdate, a fake browser update scam, is now targeting users in France, aiming to deploy the WarmCookie backdoor malware. FakeUpdate Spreads WarmCookie as Chrome, Edge Updates Researchers at Gen Threat [...]
Perfctl malware targets millions of Linux servers
Perfctl, a stealthy malware, is actively targeting millions of Linux servers worldwide. Discovered by Aqua Nautilus researchers, it exploits over 20,000 different server misconfigurations. This campaign has been ongoing for [...]
Arc Browser Launches Bug Bounty Program After RCE Vulnerability
The Browser Company has launched a Bug Bounty Program for its Arc Browser after quickly resolving a remote code execution (RCE) vulnerability, as announced by CEO Josh, highlighting their commitment [...]
Chrome vulnerabilities enable attackers to run arbitrary code
Google released a Chrome update fixing critical vulnerabilities that could allow arbitrary code execution. Version 129.0.6668.89/.90 is now available for Windows, Mac, and Linux. All about the chrome vulnerabilities Three [...]
New XWorm variant spreads via Windows script files
XWorm is a malware known for its obfuscation techniques and ability to evade detection, posing a significant cybersecurity threat. NetSkope recently found a new variant delivered via a Windows script [...]
Hackers targeting Docker Swarm, Kubernetes, and SSH servers in large-scale attacks
Hackers are exploiting Docker Swarm, Kubernetes, and SSH servers, targeting Docker API vulnerabilities as the entry point in a widespread malware campaign, according to DataDog researchers. Large-Scale Server Exploits Threat [...]
-
Linux CUPS has multiple vulnerabilities that allow remote code execution GalleryLinux CUPS has multiple vulnerabilities that allow remote code execution
BOTNET, Exploitation, Internet Security, Linux Malware, Malware, RCE Flaw, Remote code execution, Security Advisory, Security Update, vulnerability
Linux CUPS has multiple vulnerabilities that allow remote code execution
Developers of the Linux printing system CUPS recently disclosed several vulnerabilities that could allow attackers to execute arbitrary code. Although these flaws require specific conditions to be exploited, their high [...]
GorillaBot reigns as DDoS king with 300,000+ commands
The newly emerged Gorilla Botnet has launched over 300,000 DDoS attacks across 100+ countries from September 4 to 27. A modified version of Mirai, it supports multiple CPU architectures and [...]
North Korean Hackers Tried to Steal Military Data
Diehl Defence anti-aircraft missiles are successfully intercepting Russian attacks on Kyiv, with a 100% hit rate. Germany also plans to install these systems on three new government aircraft for missile [...]
HTML smuggling enables hackers to deliver convincing phishing attacks
Phishing attackers used an HTML smuggling technique to deliver malware. The attack began with a phishing email that looked like an American Express notification, leading to several redirects. The last [...]
NIST Recommends New Password Security Rules
NIST released new password security guidelines in Special Publication 800-63B, improving cybersecurity and user experience. One of the key changes in NIST’s guidelines is their view on password complexity. Instead [...]
Watch out for fake “verify you’re human” prompts that can deliver malware
CAPTCHAs, or Completely Automated Public Turing tests, are used online to verify users are human, not bots. They usually present challenges like distorted text, image recognition tasks, or audio prompts [...]
TeamViewer Privilege Escalation Vulnerability
A critical vulnerability in TeamViewer’s Windows Remote client, CVE-2024-7479 and CVE-2024-7481, allows attackers to elevate privileges on affected systems across various versions. TeamViewer Vulnerability Flaw The vulnerability in TeamViewer arises [...]
Google Warns of North Korean IT Workers Infiltrating U.S. Workforce
Recently, Google alerted organizations about North Korean IT workers acting on behalf of hackers. Organizations today face rising cybersecurity threats that can cause major financial and reputational harm. Cybersecurity entails [...]
0-day flaws in Automated Tank Gauge systems threaten critical infrastructure.
Researchers at BitSight TRACE found multiple 0-day vulnerabilities in ATG systems used to manage fuel storage tanks, posing risks to public safety and economic stability. These flaws could lead to [...]
Cisco Smart Licensing Vulnerability Allows Attackers to Control Devices
Cisco revealed a critical vulnerability, CVE-2024-20439, in its Smart Licensing Utility, allowing unauthorized access due to a hardcoded static password found by an independent researcher. CVE-2024-20439 This vulnerability mainly affects [...]
macOS Sequoia update disrupts multiple security tools
Apple’s macOS 15 Sequoia update has broken several key security tools, sparking user frustration across social media and Mac developer forums. macOS Sequoia Update The release of macOS Sequoia has [...]
Fake CAPTCHA sites install Lumma Stealer malware
A new malware campaign is gaining traction online, using fake CAPTCHA sites to trick users into installing Lumma Stealer (also known as Lumma C2). Users are asked to press specific [...]
Disney to End Use of Slack After Hack Exposes Company Data
The Walt Disney Company will stop using Slack for internal communication following a hack that leaked over a terabyte of company data. In a memo to employees, Disney CFO Hugh [...]
MediaTek Wi-Fi Zero-Click RCE Vulnerability
A critical 0-click RCE vulnerability (CVE-2024-20017) in MediaTek Wi-Fi 6 chipsets, used by devices like Ubiquiti, Xiaomi, and Netgear, allows remote attacks without user interaction. CVE-2024-20017 The vulnerability is located [...]
Hacker stole data from Federal Bank customers
A threat actor has allegedly claimed a breach of Federal Bank, exposing sensitive data of hundreds of thousands of customers. ThreatMon first reported the breach on X, quickly drawing attention [...]
New macOS malware allows attackers to control devices remotely
HZ RAT, a remote access trojan (RAT) that has targeted Windows devices since 2020, has recently been upgraded to also attack Mac users. A RAT allows attackers to gain remote [...]
Threat actors claim to have compromised Dell’s employee database
A hacking group has claimed responsibility for breaching the Dell employee database, asserting access to sensitive information of around 10,800 employees and partners on a prominent hacking forum. The breach [...]
CISA Issues Six Advisories for Industrial Control Systems
CISA has issued six advisories highlighting vulnerabilities in various industrial control systems. The advisories cover: Rockwell Automation’s RSLogix 5 and RSLogix 500 software, which are widely used for programming and [...]
Researchers Uncover Raptor Train Botnet with 60,000+ Devices
Researchers discovered a large Chinese state-sponsored IoT botnet, "Raptor Train," which compromised over 200,000 SOHO and IoT devices. Operated by Flax Typhoon, the botnet uses a sophisticated control system called [...]
Threat Actor Claims to Be Selling Bharat Petroleum Database
A threat actor is reportedly selling a database from Bharat Petroleum Corporation Limited (BPCL). DarkWebInformer first reported this on X, raising serious cybersecurity concerns for the corporation and its stakeholders. [...]
Scams and Fake Websites during Amazon Prime Day
Amazon Prime Day scams refer to fraudulent schemes that exploit the retailer's sell-off day. While the event is a big opportunity for retailers, scammers also use it to target unsuspecting [...]
Apple releases iOS 18, fixing 32 security vulnerabilities
Apple has released iOS 18, fixing 32 security vulnerabilities. The update is available for iPhone XS and later, along with iPad Pro (13-inch, 12.9-inch 3rd gen and newer), iPad Pro [...]
North Korean hackers spread RustDoor Malware on LinkedIn
North Korean hackers are targeting LinkedIn users with advanced malware called RustDoor. This highlights the growing use of social engineering by state-sponsored groups, particularly from North Korea, on professional networking [...]
Hackers leverage Selenium Grid for malicious activity
Threat actors are exploiting Selenium Grid's default lack of authentication in two active campaigns, deploying exploit kits, cryptominers, and proxyjackers. All about Selenium Grid Tool Selenium Grid's widespread adoption among [...]
Critical Vulnerabilities Impact Millions of D-Link Routers — Patch Now!
Millions of D-Link routers are vulnerable to critical security flaws. Urgent firmware updates have been released, and users are advised to patch their devices immediately to prevent exploitation. CVE-2024-45694-Stack-based Buffer [...]
Windows MSHTML zero-day actively exploited
Adobe's September 2024 updates fixed 28 vulnerabilities, including a critical ColdFusion flaw (CVSS 9.8). Other affected products include Photoshop, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder. These updates [...]
Apache Patches Critical OFBiz RCE Vulnerability
Hackers are exploiting a critical Apache OFBiz vulnerability (CVE-2024-45195) that allows unauthenticated remote code execution, threatening organizations using OFBiz. Apache OFBiz Flaw- CVE-2024-45195 The CVE-2024-45195 vulnerability results from missing view [...]
Kali Linux 2024.3 Launches with New Hacking Tools
Kali Linux 2024.3, the latest version of Offensive Security's Debian-based distribution for ethical hacking, has been released. This update introduces 11 new tools and includes key behind-the-scenes improvements. The Kali [...]
New Loki Backdoor Targets macOS Systems
Cody Thomas created Apfell in 2018, an open-source macOS post-exploitation framework that later evolved into Mythic, a cross-platform framework addressing the limits of existing tools. Loki Backdoor Mythic offers a [...]
New Android Spyware Posing as TV Streaming App Steals Data
Recent research has uncovered new Android Spyware targeting mnemonic keys, vital for cryptocurrency wallet recovery. Disguised as legitimate apps, the malware scans devices for images containing mnemonic phrases and steals [...]
CosmicBeetle Targets SMBs Worldwide Using Old Vulnerabilities
Hackers target SMBs because they often have weaker security and lack cybersecurity awareness. Without regular security audits or incident response plans, SMBs become easy targets for attackers exploiting vulnerabilities. CosmicBeetle [...]
Zyxel NAS Devices Prone to Command Injection Attacks
Zyxel released critical hotfixes to fix a command injection vulnerability in two of its NAS products, NAS326 and NAS542. Although these devices are no longer supported for vulnerabilities, they remain [...]
Hackers Exploit GeoServer RCE to Deploy Malware
Cybersecurity researchers at Fortinet recently discovered that hackers have been exploiting GeoServer RCE vulnerability to deploy malware, and the vulnerability is tracked as “CVE-2024-36401.” GeoServer RCE Vulnerability GeoServer is an [...]
Vulnerabilities in IBM WebSphere Integration Server could let attackers execute commands.
Critical vulnerabilities have been found that could let attackers execute commands on systems. These issues, listed in the Common Vulnerabilities and Exposures (CVE) system, pose serious risks and need urgent [...]
Akira Ransomware Targets SonicWall Firewall RCE Flaw
SonicWall revealed a critical RCE vulnerability (CVE-2024-40766) in SonicOS on August 22, 2024. Initially, no exploitation was reported, but by September 6, active attacks were detected. This flaw allows attackers [...]
Predator Spyware leverages “one-click” and “zero-click” exploits
Recent research shows Predator spyware has resurfaced with improved evasion techniques, despite US sanctions. It's still active in countries like the DRC and Angola, targeting high-profile individuals with harder-to-track infrastructure, [...]
Tor Browser 13.5.3 Released: What’s New?
The Tor Project has released Tor Browser 13.5.3, featuring important security updates and usability improvements. You can download the latest version from the official Tor Browser website. All about Tor [...]
Lazarus Hackers Targeting Job Seekers with JavaScript Malware
Lazarus Group, a notorious North Korean-linked hacker group active since 2010, has intensified its attacks in 2024. Group-IB researchers found Lazarus abusing Contagious Interview campaigns using BeaverTail malware and the [...]
ToddyCat APT Exploits SMB and IKEEXT RCE to Deploy ICMP Backdoor
ToddyCat is an APT group active since December 2020, targeting government and military entities in Europe and Asia. Known for sophisticated cyber-espionage, Kaspersky Lab found ToddyCat exploiting SMB, IKEEXT, and [...]
New Emansrepo Malware Targets Windows via HTML Files
Emansrepo, a Python infostealer, is spread through phishing emails with fake purchase orders. The attack has evolved, now involving multiple stages. Stolen data is zipped and sent to the attacker, [...]
RCE Vulnerability in D-Link WAP Allows Remote Access by Attackers
The D-Link DAP-2310 Wireless Access Point is vulnerable to remote code execution, allowing attackers to gain unauthorized remote access. Discovered by Dark Wolf Solutions, this guide covers the details of [...]
New ManticoraLoader Malware Targets Citrix Users for Data Theft
DeadXInject, the group behind AresLoader and AiDLocker ransomware, is now offering ManticoraLoader, a new Malware-as-a-Service (MaaS) targeting Windows systems. Available on underground forums and Telegram since August 8th, 2024, this [...]
Snake Keylogger Targets Windows via Malicious Excel Files
Researchers have identified a sophisticated phishing campaign using a .NET-based Snake Keylogger variant. This attack uses weaponized Excel files to compromise Windows systems, posing serious risks to data security. Snake [...]
Voldemort Hackers Exploit Google Sheets to Target Windows Users
Proofpoint researchers have uncovered a cyberattack campaign, "Voldemort," using Google Sheets as a C2 platform. Targeting Windows users, the campaign employs a unique attack chain with both common and rare [...]
AutoIT Malware Steals Gmail Login Credentials
A malicious AutoIT executable opens Gmail login pages and steals clipboard data, captures keystrokes, and controls system behavior. It can evade detection by blocking user input. Users should be cautious [...]
Watch Out for Fake Palo Alto Tool Spreading Advanced Malware
A sophisticated malware is threatening organizations in the Middle East by disguising itself as the legitimate Palo Alto GlobalProtect tool. It uses a two-stage infection process and advanced command-and-control (C&C) [...]
Critical Vulnerability in Perl Installer Enables Traffic Interception
A critical vulnerability in App::cpanminus (cpanm), a popular tool for installing Perl modules, has been identified. Known as CVE-2024-45321, it allows attackers to intercept and manipulate traffic during module installation, [...]
Research Uncovers Eight Android and iOS Apps Leaking Users’ Sensitive Data
The eight Android and iOS apps fail to protect user data by transmitting sensitive information, such as device details, geolocation, and credentials, over HTTP instead of HTTPS. This exposes data [...]
EDR Killer Malware Disables Security Tools on Windows Machines
Attackers can exploit Windows drivers to bypass security by exploiting vulnerabilities or using stolen signatures to load malicious drivers into the kernel, disabling protections. While Microsoft enforces driver signature rules, [...]
Apache Vulnerability Exposed Unix Systems to Data Theft
A recently disclosed vulnerability in the Apache Portable Runtime (APR) library, identified as CVE-2023-49582, could expose sensitive application data on Unix platforms. Apache Vulnerability The flaw results from insufficient permissions [...]
Microsoft 365 Flags Image Emails as Malware
Microsoft 365 users report emails with images being wrongly flagged as malware and quarantined, identified as Issue ID: EX873252. This issue has raised significant concerns among businesses and individual users [...]
Ransomware Hits Patelco Credit Union, Steals Customer and Employee Data
Patelco Credit Union revealed a ransomware attack compromising member and employee data, raising concerns about security and privacy. All about the Ransomware Patelco Credit Union detected a ransomware attack on [...]
BeaverTail Malware Hits Windows Users via Games
Researchers discovered a new malware campaign called BeaverTail, targeting job seekers in a North Korean cyber espionage operation. BeaverTail Malware Initially identified as a JavaScript-based info stealer, BeaverTail has evolved [...]
Active Exploitation of Chrome Zero-Day Vulnerability
Google has released Chrome 128 (128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac) to address a critical zero-day vulnerability actively exploited in the wild. The update includes 38 security [...]
Caution: Malicious Slack Ads Deliver Harmful Payloads
Cybercriminals are using Google search ads to distribute malware disguised as legitimate ads for Slack. This advanced tactic shows how threat actors are getting better at avoiding security measures and [...]
Ngate malware steals card funds on Android devices
ESET researchers recently identified new Android malware called “Ngate” that allows hackers to withdraw money from victims’ payment cards. Ngate malware NGate Android malware, identified in November 2023, represents a [...]
Log4j Vulnerability Exploited Again to Deploy Crypto-Mining Malware
Recent Log4j attacks use obfuscated LDAP requests to execute malicious scripts, establish persistence, and exfiltrate data. Multiple backdoors and encrypted channels maintain control, emphasizing the ongoing threat of the Log4j [...]
Backdoor in MIFARE Smart Cards Reveals User-Defined Keys
Researchers uncover new attack vectors in MIFARE Classic cards by analyzing the CRYPTO-1 algorithm and vulnerabilities, demonstrating how to extract data, clone cards, and compromise both new and old card [...]
New UULoader Malware Spreads Gh0st RAT and Mimikatz
UULoader malware delivers payloads like Gh0st RAT and Mimikatz, targeting Korean and Chinese speakers through malicious installers. UULoader Malware Discovered by the Cyberint Research Team, the malware includes Chinese strings [...]
Dell SupportAssist Vulnerability Enables Privilege Escalation on PCs
A critical security vulnerability affects Dell SupportAssist for Home PCs, specifically in installer version 4.0.3. Dell SupportAssist Vulnerability CVE-2024-38305 lets local low-privileged attackers escalate their privileges and run arbitrary code [...]
Unauthenticated RCE in WordPress Plugin Exposes 100K Sites
A critical vulnerability (CVE-2024-5932) in the GiveWP plugin exposes over 100,000 WordPress sites to remote code execution (RCE) attacks, as disclosed by researcher villu164 through the Wordfence Bug Bounty Program. [...]
MegaMedusa: A Powerful Web DDoS Tool Used by Hackers
RipperSec, a pro-Palestinian Malaysian hacktivist group that started on Telegram in June 2023, has quickly grown to over 2,000 members. They carry out cyberattacks like data breaches, defacements, and DDoS [...]
Urgent: Windows TCP/IP Vulnerability Discovered, Update Now
A critical vulnerability in the Windows TCP/IP stack enables unauthenticated remote code execution (RCE) through specially crafted IPv6 packets. This flaw affects all supported versions of Windows and Windows Server, [...]
Vulnerability in Microsoft Apps Let Hackers Spy on Mac Users
A critical vulnerability in Microsoft apps for macOS allowed hackers to surreptitiously spy on Mac users' activities. Security researchers from Cisco Talos revealed how attackers could exploit this flaw to [...]
New Styx Stealer Targets Users to Steal Login Passwords
A new threat called Styx Stealer has emerged, targeting users by stealing sensitive data like saved passwords, cookies, and autofill details from popular web browsers. Styx Stealer This malware targets [...]
Google Pixel Devices Shipped with Flawed App
Recent research revealed a vulnerability in the Android package of many Google Pixel smartphones. Devices shipped globally since September 2017 could be at risk of malware due to a pre-installed [...]
Lazarus Group Exploited Windows Zero-day
The notorious Lazarus hacker group exploited a zero-day vulnerability in Microsoft Windows, targeting the Ancillary Function Driver for WinSock (AFD.sys), identified as CVE-2024-38193. Discovered by researchers Luigino Camastra and Milanek [...]
New Exploit BYOVDLL Bypasses LSASS Protection
In July 2022, Microsoft patched a PPL bypass flaw, but a new exploit called "BYOVDLL" has been discovered, allowing attackers to bypass LSASS protection. All about BYOVDLL In October 2022, [...]
Malspam Targets AnyDesk and Microsoft Teams
Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting users via email and phone. Attackers are exploiting AnyDesk and Microsoft Teams to gain unauthorized access to victims' computers, highlighting evolving [...]
Ransomware Group Introduces New EDR Killer Tool
A ransomware group, RansomHub, has introduced EDRKillShifter, a tool designed to disable EDR systems. This advancement highlights the group's evolving tactics to bypass security measures and execute attacks. Although a [...]
Critical IBM QRadar Flaws Enable Remote Arbitrary Code Execution
IBM recently revealed critical vulnerabilities in QRadar Suite Software and IBM Cloud Pak for Security. Exploitation of these flaws could let attackers execute arbitrary code remotely, posing serious security risks. [...]
0.0.0.0 Day – 18-Year-Old Flaw Bypasses Browser Security
Threat actors frequently exploit browser flaws to gain unauthorized access and conduct various illicit activities. Recently, Oligo Security discovered a critical 18-year-old vulnerability, dubbed "0.0.0.0 day," which bypasses all browser [...]
Update Now: Critical SAP Auth Bypass and SSRF Vulnerabilities Fixed
SAP has issued a major security update addressing critical authentication bypass and server-side request forgery vulnerabilities, with CVSS scores of 9.8 and 9.1. The company advises all users to install [...]
1Password macOS Vulnerability Leads to Credentials Leak
A critical vulnerability in 1Password for macOS allows attackers to bypass security measures and access vault items. This issue affects every version of the macOS app. A patch is now [...]
Apache OFBiz RCE Vulnerability Found, Patch Immediately
A vulnerability, CVE-2024-38856, has been found in Apache OFBiz, allowing unauthenticated remote code execution. A patch is available, and developers strongly recommend installing it immediately due to the high risk [...]
Beware: Fake AI Editor Stealing Logins
Recently, Trend Micro researchers uncovered a sophisticated malvertising campaign targeting social media users with a multi-step deception to steal login credentials. Hackers use fake AI editor websites to trick users [...]
New Spyware Targeting Android Users
Cybersecurity experts have uncovered sophisticated Android spyware, LianSpy, targeting users to steal sensitive data. It uses advanced evasion techniques, posing a significant threat to Android users globally. All about LianSpy [...]
Russia-linked APT used a car ad to phish diplomats with Headlace malware.
A Russia-linked threat actor used a car ad to phish diplomats and deliver the HeadLace backdoor, likely starting in March 2024, according to Palo Alto Networks Unit 42. They attribute [...]
Critical Flaw in Voice Over Wi-Fi Allows Eavesdropping
Voice Over Wi-Fi (VoWiFi) is commonly used for making voice calls over Wi-Fi, improving call quality and reliability. Recently, cybersecurity researchers discovered a vulnerability in VoWiFi that allows attackers to [...]
Ubiquiti G4 Vulnerability Discovered, Enabling DDoS Attacks
Researchers found a flaw in Ubiquiti G4 Wi-Fi cameras that exposes critical data. They believe a similar vulnerability was used in 2019 for DoS attacks on many cameras. Despite Ubiquiti's [...]
Hackers Exploit WordPress Plugin File Upload Flaw
Hackers are exploiting a critical vulnerability (CVE-2024-6220) in the WordPress plugin 简数采集器 (Keydatas) that allows unauthenticated users to upload arbitrary files, risking remote code execution and full site takeover. On [...]
Microsoft Patches Critical Edge Flaw Enabling Code Execution
Microsoft has patched critical vulnerabilities in Edge. Users should update to the latest version to ensure security. Asec Ahnlab identified these flaws in Edge versions 127.0.6533.88 and 127.0.6533.89. All about [...]
Hackers Exploiting GeoServer RCE Flaw, 6,635 Servers at Risk
A critical flaw in GeoServer, an open-source Java software, exposes thousands of servers to risk. The vulnerability, CVE-2024-36401, allows unauthenticated remote code execution, threatening global geospatial data infrastructures. A recent [...]
Phishing Campaign Exploited Proofpoint for Email Spoofing
Guardio Labs recently identified "EchoSpoofing," a critical vulnerability in Proofpoint's email protection service used by 87% of Fortune 100 companies. This flaw allows hackers to exploit phishing emails, tricking recipients [...]
New Specula Tool Turns Outlook into a C2 Server via Registry Exploit
Cybersecurity firm TrustedSec has introduced a new tool named Specula, which leverages a longstanding vulnerability in Microsoft Outlook to turn it into a Command and Control (C2) server. This discovery [...]
Microsoft 365 and Azure Outage Disrupts Multiple Services
Microsoft is investigating a global outage affecting access to some Microsoft 365 and Azure services. Microsoft 365 and Azure Outage Currently, the incident affects users worldwide and only a subset [...]
Chinese Users Targeted by Gh0st RAT Malware Through Fake Chrome Page
Attackers are using Gh0stGambit to spread Gh0st RAT malware to Chinese users via a fake Google Chrome download page, mimicking the legitimate site. GH0ST RAT Trojan Targets Chinese Windows Users [...]
Progress Patches New Privilege Escalation Flaw in MOVEit File Transfer
Progress, the company behind MOVEit Transfer, has issued a critical security alert for a newly discovered vulnerability in its product. The flaw, CVE-2024-6576, is classified as high-severity with a CVSS [...]
Malicious Python Package Targets macOS Developers for Google Cloud Login Theft
Hackers exploit malicious Python packages to attack developer environments, inject harmful code, and steal sensitive information or install malware. This method leverages popular repositories for broad impact with minimal effort. [...]
RaspAP Vulnerability Allows Hackers to Gain Privileges on Raspberry Pi Devices
A critical local privilege escalation vulnerability (CVE-2024-41637) was found in RaspAP, an open-source project for turning Raspberry Pi devices into wireless access points or routers. Rated 9.9 (Critical) on the [...]
Phishing Attack Hits Indian Mobile Users via India Post Scams
Indian iPhone users are inundated with SMS phishing scams posing as India Post delivery notifications, aimed at stealing credentials for future scams. Fraudsters Pose as India Post in SMS Phishing [...]
Threat Actors Claim Leak of 250M IOC Data; CrowdStrike Responds
The hacktivist group USDoD claims to have leaked CrowdStrike's "entire threat actor list" and an "entire IOC list" with over 250 million data points. Details of the Alleged Leak: On [...]
Google Chrome Issues Warnings for Malicious Downloads
Google Chrome now has a new download system with alerts for potentially harmful files, enhancing user security. Last year, Google Chrome introduced a revamped downloads interface on desktops, making it [...]
Jellyfish Loader Malware Discovered, Poses Threat to 2024 Olympics
A new threat, Jellyfish Loader, has been identified as a .NET-based shellcode downloader disguised as a Windows shortcut. Despite its unusual features suggesting it may still be in development, it [...]
Alert: Krampus Loader Gaining Popularity on the Dark Web
"Krampus," a new malware loader, is gaining popularity on the dark web, according to MonThreat on X (formerly Twitter). What is Krampus Loader Krampus Loader is a type of malware [...]
Watch Out for Malicious Python Packages That Steal Sensitive Data
Malicious Python packages uploaded by "dsfsdfds" to PyPI stole sensitive data from user systems and sent it to a Telegram bot likely associated with Iraqi cybercriminals. Active since 2022, the [...]
Attackers Exploit Swap File to Steal Credit Card Information
Researchers at Sucuri recently discovered that website swap files can be exploited to install a persistent credit card skimmer on Magento e-commerce platforms. Swap files, which store overflow data from [...]
Flaw in Cisco VPN routers enables remote code execution by attackers
Cisco disclosed a significant flaw in the upload module of RV340 and RV345 VPN routers, allowing remote, authenticated attackers to run arbitrary code. Tracked as CVE-2024-20416 with a CVSS score [...]
Watch out for fake browser updates installing malicious BOINC software.
Since July 4, 2024, SocGholish (FakeUpdates) has shown new behavior. The infection chain starts with a compromised website prompting a fake browser update. Downloading the update triggers malicious code that [...]
SonicOS IPSec VPN Vulnerability Allows Attackers to Cause DoS Condition
SonicWall has disclosed a critical heap-based buffer overflow vulnerability in SonicOS IPSec VPN, identified as CVE-2024-40764, which can allow remote attackers to cause a DoS condition. The vulnerability has a [...]
BadPack Malware for Android Infects APK Installers
New research reveals a novel approach to hiding malware in APK installers. Adversaries manipulate the file header to circumvent protection and make analysis much more difficult. The peak usage of [...]
Hackers Claim Dettol Data Breach Affects 453,646 Users
Threat actor ‘Hana’ claims to have breached Dettol India, affecting 453,646 users, according to a FalconFeedsio post on X. Dettol Data Breach The post reveals that the breach exposed user [...]
CrowdStrike Update Leads to Widespread Windows BSOD Crashes
A recent CrowdStrike update has caused widespread Blue Screen of Death (BSOD) errors on Windows machines. The issue affects multiple versions of the company’s sensor software, prompting an urgent investigation [...]
New TE.0 HTTP Request Smuggling Vulnerability Affects Google Cloud Websites
HTTP Request Smuggling exploits differences in how web servers and intermediaries handle HTTP request sequences. Attackers craft malicious requests to manipulate the processing order, potentially leading to unauthorized access, security [...]
ShadowRoot Ransomware Targets Businesses with Weaponized PDFs
X-Labs identified ransomware targeting Turkish businesses through PDF attachments in emails from the internet[.]ru domain. These PDFs contain links that download exe payloads, encrypting files with the ".shadowroot" extension. This [...]
Poco RAT uses 7zip files via Google Drive for attacks
In early 2024, Cofense researchers discovered Poco RAT, a malware specifically targeting Spanish-speaking individuals in the mining industry. It spreads through Google Drive-hosted 7zip archives, effectively masking its malicious activities. [...]
HardBit Ransomware Evades Detection with Passphrase Protection
In 2022, HardBit Ransomware 4.0 emerged, differing from typical groups by avoiding leak sites and double extortion. Their tactics include data theft, encryption, and ransom demands with additional threats. Cybereason [...]
Pinterest Data Leak: Hackers Claim Access to 60M Records
Pinterest, with over 518 million users, faces a potential data leak. Hacker "Tchao1337" claims to have leaked 60 million rows of user data on a forum. The 1.59 GB database [...]
Juniper Junos Flaw Allows Full ‘Root’ Access to Attackers
Hackers target Juniper Junos due to its extensive use in business networking, making it a prime target for accessing valuable systems. Its prominence in large organizations means successful breaches can [...]
FishXProxy amplifies phishing attacks with cunning and deceptive tactics
Imagine receiving an email that appears completely legitimate. This is the deceptive capability of the new FishXProxy Phishing Kit, an advanced toolkit emerging from underground cybercrime circles. FishXProxy bypasses traditional [...]
Hackers Using ClickFix Tactics to Deploy Malware
McAfee Labs researchers have identified a sophisticated malware delivery method, "ClickFix," using advanced social engineering to trick users into executing malicious scripts, leading to severe security breaches. This article explores [...]
Microsoft Patches 3 Critical Vulnerabilities in July Update
Microsoft's July security update addresses 142 vulnerabilities, including one already being exploited. This update is part of Microsoft's regular "Patch Tuesday" release. MICROSOFT FIXES 3 CRITICAL FLAWS IN PATCH TUESDAY [...]
Chinese APT40 Exploits New Vulnerabilities Within Hours
International cybersecurity agencies have issued a warning about APT40, a PRC state-sponsored cyber group linked to the Ministry of State Security. Based in Hainan Province, APT40 has targeted global organizations, [...]
Eldorado Ransomware Targets Windows and Linux Systems
Ransomware-as-a-service (RaaS) has evolved into a sophisticated, enterprise-like model. From 2022 to 2023, ransomware ads on the dark web increased by 50%, with 27 identified ads. The RAMP forum became [...]
Jenkins Script Console used for cryptocurrency mining attacks by hackers
Researchers discovered that attackers can exploit improperly configured Jenkins Script Console for criminal activities like cryptocurrency mining. "Misconfigurations, such as weak authentication settings, expose the '/script' endpoint," noted Trend Micro's [...]
Ghostscript Rendering Platform Flaw Enables Remote Code Execution
A critical vulnerability, CVE-2024-29510, has been discovered in the Ghostscript rendering platform. This format string flaw affects versions up to 10.03.0, allowing attackers to bypass the -dSAFER sandbox and execute [...]
Info-Stealing Malware Posing as Accessibility Tools and Chrome Extensions
The first half of 2024 has witnessed a notable surge in info-stealing malware masquerading as AI tools and Chrome extensions. This trend underscores cybercriminals' growing sophistication and adaptability, leveraging emerging [...]
Orcinius Trojan Targets Users Through Dropbox & Google Docs
A new multi-stage trojan, "Orcinius," exploits Dropbox and Google Docs. It starts with an Excel spreadsheet containing a 'VBA stomping' macro. When executed, this macro hooks into Windows, enabling the [...]
ScreenConnect Remote Access Client Exploited by Hackers to Deploy AsyncRAT
eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated campaign in which threat actors exploit the ScreenConnect remote access client to deliver the AsyncRAT trojan, revealing the evolving tactics of [...]
Hackers Exploit Twilio API to Verify MFA Phone Numbers
A vulnerability in an unauthenticated endpoint allowed threat actors to identify phone numbers associated with Authy accounts. The endpoint has since been secured to prevent unauthorized access. Although there is [...]
FakeBat Malware Targets AnyDesk, Zoom, Teams & Chrome
Hackers are targeting and weaponizing AnyDesk, Zoom, Teams, and Chrome due to their widespread use across multiple sectors, providing access to sensitive information. Cybersecurity researchers at Sekoia have identified FakeBat [...]
RegreSSHion OpenSSH Vulnerability Enables RCE
A newly discovered OpenSSH vulnerability, dubbed regreSSHion, allows remote attackers to gain root privileges on Linux systems using the glibc library. This flaw lets unauthenticated attackers execute arbitrary code and [...]
CapraRAT Mimics Popular Apps to Attack Android Users
Transparent Tribe (aka APT36), active since 2016, uses social engineering to target Indian government and military personnel. Recently, their CapraRAT has been mimicking popular Android apps to attack Android users, [...]
Google Offers $250,000 for Full VM Escape Zero-Day Vulnerability
Google has launched kvmCTF, a new vulnerability reward program targeting the Kernel-based Virtual Machine (KVM) hypervisor. Announced in October 2023, this initiative underscores Google's commitment to securing key technologies like [...]
Malware Spreading via Binance Smart Contracts Blockchain
Cybercriminals are exploiting Binance smart contracts as intermediary C2 servers, favoring them due to their resilience against takedowns. Initially used for deploying infostealers, these smart contracts have potential applications for [...]
New GrimResource Attack Technique Exploits MMC and DLL Flaw
A new malicious code execution technique, GrimResource, targets Microsoft Management Console. Attackers exploit an old cross-site scripting vulnerability to bypass defenses and deploy malware to endpoints. GrimResource Attack Technique On [...]
Critical OpenSSH Flaw Puts Millions of Linux Servers at Risk
A critical vulnerability in OpenSSH, affecting versions 8.5p1 to 9.7p1, has been discovered, potentially exposing millions of Linux systems to arbitrary code execution attacks. This flaw in the sshd(8) component [...]
Beware of the “TRANSLATEXT” Chrome Extension from North Korean Hackers
Hackers exploit Chrome extensions to embed malware, gather personal data, display pop-ups, change URLs, and manipulate the browser. Zscaler ThreatLabz detected new activity by Kimsuky, a North Korean state-sponsored APT [...]
Xeno RAT is actively targeting users via GitHub repositories and .gg domains.
Threat actors leverage RATs for sustained access to compromised systems, facilitating prolonged espionage and exploitation. North Korean hackers and other threat actors targeting the gaming community are distributing XenoRAT via [...]
PoC Released for SQL Injection in Fortra FileCatalyst
A PoC exploit for the SQL Injection vulnerability CVE-2024-5276 in Fortra FileCatalyst Workflow has been released, affecting versions up to 5.1.6 Build 135. CVE-2024-5276 The SQL Injection vulnerability, discovered on [...]
Critical Vulnerability in MOVEit Transfer Allowed Hackers to Access Files
A critical vulnerability, CVE-2024-5806, in MOVEit Transfer software poses severe risks to organizations relying on it for secure data transfers. This flaw, found in versions 2023.0.0 to 2023.0.10, 2023.1.0 to [...]
Threat Actor Claims Zero-Day Sandbox Escape and RCE in Chrome Browser
A threat actor has publicly claimed a zero-day vulnerability in the widely-used Google Chrome browser. The account MonThreat, known for credible cybersecurity disclosures, made this claim via a tweet. All [...]
Linux LPE Zero-Day Exploit via GRUB Bootloader
A new threat actor has surfaced, claiming a zero-day vulnerability in the Linux GRUB bootloader for local privilege escalation (LPE). This has sparked considerable concern in the cybersecurity community, with [...]
SneakyChef and SugarGhost, newly identified RAT malware strains
Talos Intelligence has uncovered a sophisticated cyber campaign orchestrated by the threat actor SneakyChef. This operation utilizes the SugarGh0st RAT and other malware to target government agencies, research institutions, and [...]
Microsoft Power BI Vulnerability Exposes Organizations’ Sensitive Data
A Microsoft Power BI vulnerability allows unauthorized access to sensitive data in reports, affecting tens of thousands of organizations and exposing employee, customer, and confidential information. Attackers can exploit this [...]
New Linux Variant of RansomHub Targets ESXi Systems
Hackers frequently target ESXi systems due to their extensive use in managing enterprise virtualized infrastructure, making them attractive targets. Exploiting security flaws in ESXi, threat actors can deploy ransomware and [...]
New Security Flaw Enables Access to Microsoft Corporate Email Accounts
A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by researcher Vsevolod Kokorin (Slonser), the bug remains unpatched by Microsoft. Kokorin revealed the [...]
Hackers Use Progressive Web Apps to Steal Passwords
Hackers are increasingly exploiting Progressive Web Apps (PWAs) for sophisticated phishing attacks to steal user credentials, as highlighted by security researcher mr.d0x. PWAs, built using HTML, CSS, and JavaScript, offer [...]
Hackers Use Windows Installer (MSI) Files to Spread Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign by the Void Arachne group, targeting Chinese-speaking users with malicious Windows Installer (MSI) files. Void Arachne targets Chinese-speaking users using SEO poisoning [...]
Chrome Security Update: Fixes for Six Vulnerabilities
Google has released a new Chrome browser update, version 126.0.6478.114/115 for Windows and Mac, and 126.0.6478.114 for Linux. This update, rolling out over the coming days and weeks, addresses multiple [...]
Hackers are using new techniques to target Docker API
The Spinning YARN attackers have initiated a fresh cryptojacking campaign, focusing on publicly exposed Docker Engine hosts. They utilize new binaries like chkstart for remote access with payload execution, exeremo [...]
Hidden Backdoor in D-Link Routers Lets Attackers Log in as Admin
A critical vulnerability in several D-Link wireless router models allows unauthenticated attackers to gain administrative access. The CVE-2024-6045 vulnerability has a high severity CVSS score of 8.8. All about the [...]
Lumma Stealer Spreads Through Fake Browser Updates Using ClearFake
Recent research uncovered websites deploying Lumma Stealer disguised as browser updates. These sites, posing as tutorial pages with legitimate-looking guides, open a malicious JS iframe using the ClearFake framework. Some [...]
Microsoft Patches Critical MSMQ Flaw
On Patch Tuesday, June 11, 2024, Microsoft fixed numerous flaws, including a remote code execution vulnerability in Microsoft Message Queuing (MSMQ) affecting various Windows and Windows Server versions, even those [...]
Beware: WARMCOOKIE Backdoor Knocking at Your Inbox
WARMCOOKIE is a new Windows backdoor delivered via a phishing campaign called REF6127. It can take screenshots, deliver additional payloads, and fingerprint systems. "This malware is a serious threat, enabling [...]
0-Day Vulnerability in 10,000 Web Apps Exploited with XSS Payloads
A significant vulnerability, CVE-2024-37629, has been discovered in SummerNote 0.8.18, allowing Cross-Site Scripting (XSS) via the Code View function. Summernote is a JavaScript library for creating WYSIWYG editors online. An [...]
Hackers Exploit Linux SSH Services to Deploy Malware
SSH and RDP provide remote server access (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if strong passwords and access controls are not used. Attackers [...]
Critical Flaw in Apple Ecosystems Allows Unauthorized Access
Hackers target Apple due to its large user base and wealthy customers, including business people and managers with important information. Despite strong security measures, Apple remains a target because valuable [...]
SSLoad Malware Utilizes MSI Installer to Initiate Delivery Chain
Malware distributors exploit MSI installers because Windows OS inherently trusts them to run with administrative rights, bypassing security controls. This makes MSI files a convenient method for disseminating ransomware, spyware, [...]
Biometric Terminal Exposed to QR Code SQL Injection Vulnerability
A popular ZKTeco biometric terminal has critical vulnerabilities, including an SQL injection flaw via QR codes. This discovery raises serious concerns about the security of widely used biometric access control [...]
EmailGPT Vulnerability Exposes Sensitive Data to Attackers
A new prompt injection vulnerability, CVE-2024-5184, has been found in EmailGPT, the service and Chrome plugin that assists Gmail users in composing emails with OpenAI's GPT model. This vulnerability allows [...]
PoC Exploit Released for Veeam Authentication Bypass Flaw
A PoC exploit has been released for the critical Veeam Backup Enterprise Manager authentication bypass vulnerability, CVE-2024-29849, with a CVSS score of 9.8. This article explores the vulnerability, exploit, and [...]
Muhstik Malware Attacks Apache RocketMQ for Remote Code Execution
Apache RocketMQ, a widely used messaging system for handling high volumes of data and critical operations, often attracts hackers. Exploiting RocketMQ vulnerabilities allows attackers to disrupt communications, access sensitive information, [...]
Fog Ransomware Targets Windows Servers Admins for RDP Logins
The new 'Fog' ransomware targets US education and recreation businesses. Attackers used compromised VPN credentials from two different providers to access victim environments. They employed pass-the-hash attacks on administrator accounts [...]
Cisco Webex Meetings Flaw Enables Unauthorized Access
Cisco disclosed a major security vulnerability in its Webex Meetings platform, affecting some customers in its Frankfurt data center since early May 2024. The vulnerability in Cisco Webex Meetings, found [...]
Caution: Phishing Emails Urging Execution via Paste (CTRL+V)
Phishing attackers distribute email attachments with malicious HTML files designed to exploit users into running the code by prompting them to paste and execute it, leveraging social engineering. A phishing [...]
Security Vulnerability in Zyxel NAS Devices Enables Remote System Takeover
Zyxel has identified and released security patches for critical vulnerabilities affecting their NAS326 and NAS542 devices. These vulnerabilities, known as command injection and remote code execution, could allow attackers to [...]
Hackers Use Cracked MS Office Versions to Deliver Malware
In South Korea, attackers distribute malware disguised as cracked software, including RATs and crypto miners, and register themselves with the Task Scheduler for persistence. Even after initial removal, the Task [...]
CarnavalHeist Uses Word Documents to Steal Login Credentials
Hackers exploit the widespread use and trust of Word documents, easily deceiving users into opening them. These documents can contain macros or exploits that run malicious code, enabling data theft, [...]
FlyingYeti Uses WinRAR Flaw for Malware Attacks
Since Russia's invasion of Ukraine on February 24, 2022, tensions have been high globally. Following the invasion, Ukraine imposed a moratorium on utility service evictions and terminations for unpaid debt, [...]
Citrix Workspace App Lets Attackers Elevate Privileges from User to Root
A critical vulnerability in the Citrix Workspace app for Mac, tracked as CVE-2024-5027, could allow attackers to elevate privileges from a local authenticated user to root. This poses a significant [...]
Cybercriminals are Using Microsoft Office Documents to Spread Malware in Business Environments
Microsoft Office provides tools for creating professional reports, college essays, CVs, and notes on Office 365. It offers text and data editing features, including macros and Python scripting in Excel, [...]
Foxit PDF Reader and Editor Flaw Enables Privilege Escalation
A new privilege escalation vulnerability (CVE-2024-29072, severity 8.2 High) has been discovered in multiple versions of Foxit PDF Reader for Windows. Foxit has fixed the issue and published a security [...]
New Embargo Ransomware Discovered, Potential ALPHV Rebirth
A new ransomware strain called Embargo, written in Rust, has surfaced with its Darknet infrastructure. Using double extortion tactics, it resembles the recently seized ALPHV group. The novice gang already [...]
TP-Link Archer C5400X Router Flaw Allows Remote Hacking
Hackers frequently target routers, the gateways connecting devices and networks to the internet, because they are often neglected for security updates. Cybersecurity researchers at OneKey recently discovered a flaw in [...]
Hackers Can Exploit Apple’s Wi-Fi Positioning System to Track Users Globally
A recent study by University of Maryland security researchers revealed a major privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS). This flaw allows hackers to globally track Wi-Fi access points [...]
PoC Exploit Out for Critical Git RCE Vulnerability
A critical vulnerability in Git, known as CVE-2024-32002, has recently emerged, posing substantial risks to users of this popular version control system. This vulnerability facilitates remote code execution (RCE) during [...]
GHOSTENGINE Malware Exploits Drivers to Terminate EDR Agents
Researchers discovered REF4578, an intrusion set that exploits vulnerable drivers to disable EDRs for crypto mining and deploys the GHOSTENGINE malware. GHOSTENGINE manages the machine’s modules, primarily using HTTP to [...]
Microsoft Reveals New Windows 11 Features for Enhanced Security
Microsoft is focusing on security in Windows, introducing Secured-Core PCs against hardware to cloud attacks and expanding passwordless options with passkeys for better identity protection. Passkeys are safeguarded by Windows [...]
Zabbix SQL Injection Vulnerability Leads to Remote Code Execution
Zabbix, a widely used network monitoring tool in corporate IT infrastructure globally, is susceptible to SQL injection attacks. The vulnerability, identified as CVE-2024-22120, affects all versions from 6.0 onwards and [...]
Recent Linux Backdoor Targets Linux Users
Recently, cybersecurity researchers at Symantec uncovered a fresh Linux backdoor actively targeting users through installation packages. All about Linux Backdoor Symantec revealed a new Linux backdoor dubbed Linux.Gomir, attributed to [...]
Apple Safari Zero-Day Flaw Exploited at Pwn2Own: Urgent Patch Required
Apple has rolled out security updates to tackle a zero-day vulnerability in its Safari web browser, exploited during this year's Pwn2Own Vancouver hacking contest. Known as CVE-2024-27834, this issue has [...]
Wireshark 4.2.5 Release: What’s New!
Wireshark, the leading network protocol analyzer, has just released version 4.2.5, introducing numerous new features and enhancements. This update aims to elevate user experience and offer more robust tools for [...]
Millions of IoT Devices Vulnerable to Attacks, Posing Risk of Full Takeover
Researchers have uncovered four significant vulnerabilities in the ThroughTek Kalay Platform, utilized by 100 million IoT-enabled devices. ThroughTek Kalay's widespread influence underscores the need to safeguard homes, businesses, and integrators. [...]
New Google Chrome Zero-day Being Exploited in the Wild—Patch Immediately!
Google has released a critical security update for its Chrome browser upon uncovering a zero-day vulnerability actively exploited by attackers. Tracked as CVE-2024-4761, the flaw impacts the V8 JavaScript engine, [...]
Hackers Utilize Word Files to Distribute DanaBot Malware
Recent email campaigns distribute DanaBot malware through two document types: those exploiting equation editor and those with external links. Attackers send emails disguised as job applications with a malicious Word [...]
iTunes for Windows Vulnerability Enables Malicious Code Execution
iTunes has an arbitrary code execution vulnerability, potentially enabling attackers to execute malicious code. Apple has issued a security advisory to address this. The company stated it won't discuss or [...]
Proof-of-Concept (PoC) Released for Critical PuTTY Private Key Recovery Vulnerability
Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet client. The flaw, CVE-2024-31497, permits attackers to recover private keys [...]
Microsoft Edge Zero-Day Exploit Detected in Live Attacks
A zero-day vulnerability in Microsoft Edge, identified as CVE-2024-4671, has been actively exploited by malicious organizations, as reported. This security flaw originates from the Chromium engine, which powers the browser. [...]
Critical Cacti Vulnerability Enables Remote Code Execution by Attackers
Cacti, a widely used network monitoring tool, has released a critical security update addressing various vulnerabilities, notably CVE-2024-25641, rated with a high severity score of 9.1 on the CVSS scale, [...]
New F5 Next-Gen Manager Vulnerability Enables Attackers to Obtain Full Admin Control
Two critical vulnerabilities in F5 Next-Gen Big IP have been uncovered, enabling threat actors to attain full administrative control of the device and establish accounts on any F5 assets. These [...]
Dell Breached: Attackers Acquire Personal Information of 49 Million Customers
Dell Technologies recently disclosed a data breach involving a company portal containing limited customer information related to purchases, exposing names, physical addresses, and detailed order information such as service tags, [...]
CrushFTP vulnerability exploited in the wild to execute remote code
A critical vulnerability, CVE-2024-4040, has been actively exploited in the wild in CrushFTP. This flaw permits attackers to execute unauthenticated remote code on vulnerable servers. Versions of CrushFTP prior to [...]
Cyber attackers use weaponized shortcut files to distribute CHM malware
Hackers exploit weaponized shortcut files because they can execute malicious code without targeting specific users. Given their widespread usage and familiarity, shortcut files offer an effective platform for deploying malware. [...]
MorLock Ransomware Targets Organizations, Stealing Business Data
The MorLock ransomware group has escalated its assaults on Russian businesses, resulting in disruptions and financial setbacks. Identified at the start of 2024, this group has already infiltrated nine medium [...]
XSS Vulnerability in Yoast SEO Plugin Endangers Over 5 Million WordPress Websites
Security researcher Bassem Essam uncovered a critical cross-site scripting (XSS) vulnerability in the widely-used Yoast SEO WordPress plugin, potentially jeopardizing over 5 million websites. XSS Vulnerability in Yoast SEO Plugin [...]
Trend Micro Antivirus One Allowed Malicious Code Injection by Attackers
A major update for Trend Micro's Antivirus One software has been launched. This update tackles a critical vulnerability that could have allowed attackers to inject malicious code. The vulnerability, named [...]
MITRE Exposes Chinese Hackers’ Employment of ROOTROT Webshell in Network Breach
The MITRE Corporation, a non-profit organization managing research and development centers for the U.S. government, has revealed a recent infiltration by sophisticated nation-state hackers into one of its internal research [...]
A novel Cuckoo malware strain is targeting macOS users
Researchers have unveiled a new malware strain named "Cuckoo," combining features of spyware and infostealers, designed to target both Intel and ARM-based Macs, employing advanced methods to extract sensitive data. [...]
ShadowSyndicate hackers exploit Aiohttp vulnerability for sensitive data theft
A directory traversal vulnerability (CVE-2024-23334) in aiohttp versions before 3.9.2 permits remote attackers to access sensitive files on the server by bypassing file reading validation within the root directory when [...]
ArubaOS Critical Vulnerability Allows Remote Code Execution by Attackers
Multiple vulnerabilities in ArubaOS affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. These vulnerabilities involve Unauthenticated Buffer Overflow (CVE-2024-26305, [...]
‘Cuttlefish’ Zero-Click Malware Pilfers Private Cloud Data
Cuttlefish is a recently discovered malware platform that has been active since at least July 2023. It specifically targets networking equipment such as enterprise-grade small office/home office routers. The latest [...]
Gemini 1.5 Pro: Your Exclusive New AI Malware Analyst
Gemini 1.5 Pro represents the latest iteration of the Gemini AI malware analysis platform, poised to revolutionize the cybersecurity landscape. Boasting innovative features, it empowers security teams to detect, investigate, [...]
New Android Malware Mimics Social Media Apps to Steal Sensitive Data
A new RAT malware targeting Android devices has been discovered, capable of executing additional commands compared to other RAT malware. It can also conduct phishing attacks by masquerading as legitimate [...]
Darkgate Malware Utilizes Autohotkey to Track Teams
Researchers have discovered a new infection chain linked to the DarkGate malware. This Remote Access Trojan (RAT), created with Borland Delphi, has been advertised as a Malware-as-a-Service (MaaS) product on [...]
LightSpy Malware Targets MacOS Devices
BlackBerry initially reported a new iOS LightSpy malware, but Huntress researchers discovered it as a macOS variant targeting Intel or Apple Silicon with Rosetta 2-enabled devices. This led to media [...]
New Android Trojan executes malicious commands on your phone
XLab researchers uncover "Wpeeper," a new Android malware infiltrating systems to execute various malicious commands, posing a serious threat to users. All about the new android trojan Wpeeper's distribution is [...]
Grafana Tool Vulnerability Enables SQL Injection by Attackers
A severe SQL injection vulnerability has been discovered in Grafana, a popular open-source platform extensively used for monitoring and observability. This flaw enables attackers with valid user credentials to execute [...]
PlugX USB Worm Infects Over 2.5 Million Devices
A new threat has surfaced, impacting millions of devices globally. The PlugX USB worm, a sophisticated malware, has infected over 2.5 million devices, posing a significant cybersecurity threat worldwide. The [...]
SSLoad Malware Combined with Tools Hijacks Entire Network Domain
The FROZEN#SHADOW attack campaign employs SSLoad malware alongside Cobalt Strike Implants to seize control of the entire network. Additionally, threat actors utilize Remote Monitoring and Management (RMM) software like ScreenConnect [...]
Cactus Ransomware Exploits Vulnerability in Qlik Servers
Since November 2023, the Cactus ransomware gang has been exploiting vulnerable Qlik Sense servers, leveraging multiple vulnerabilities including CVE-2023-41266 (Path Traversal), CVE-2023-41265 (HTTP Request Tunneling), and CVE-2023-48365 (Unauthenticated Remote Code [...]
Hackers exploit Autodesk Drive to host weaponized PDF files
Autodesk Drive serves as a cloud-based data-sharing platform for organizations, facilitating document and file sharing. It accommodates various file formats, including 2D and 3D data files such as PDFs, accessible [...]
GuptiMiner Exploits eScan to Distribute Miners and Backdoors
Avast researchers recently uncovered GuptiMiner, an aged malware. It leverages the eScan antivirus update system to surreptitiously implant backdoors and cryptocurrency mining software into users’ computers and extensive corporate networks. [...]
Urgent: GitLab Flaw Allows Account Takeover – Act Now
GitLab has issued security patches (16.11.1, 16.10.4, and 16.9.6) for both Community and Enterprise Editions, emphasizing the importance of upgrading to these versions to mitigate vulnerabilities. Scheduled bi-monthly patch releases [...]
CrushFTP Zero-Day Enables Attackers to Gain Complete Server Access
CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0, allowing remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying [...]
OpenMetadata Vulnerabilities to Target Kubernetes
The OpenMetadata platform has critical vulnerabilities reported by Microsoft Security Blog, enabling attackers to exploit Kubernetes workloads for crypto mining. Five vulnerabilities facilitate bypassing authentication and executing Remote Code Execution. [...]
Critical Oracle VirtualBox vulnerability now has a PoC exploit released
Oracle VirtualBox had a critical vulnerability (CVE-2024-21111) allowing Privilege Escalation and Arbitrary File Move/Delete, rated 7.8 (High). Oracle promptly patched it and issued a security advisory. Oracle released a security [...]
Watch Out for Weaponized Zip Files Distributing WINELOADER Malware
Russian threat group APT29 targeted German political parties with a new backdoor, WINELOADER, via spear-phishing emails containing malicious links to ZIP files on compromised websites. These ZIP files deployed an [...]
PyPI Package Malware Targets Discord Users for Credential Theft
Hackers frequently exploit PyPI packages to inject malicious code into widely-used Python libraries, seeking vulnerabilities. Recently, FortiGuard Labs cybersecurity researchers uncovered a malicious PyPI package, "discordpy_bypass-1.7," targeting Discord users for [...]
Cerber Linux Ransomware Targets Atlassian Servers
Cybercriminals frequently deploy Linux ransomware in server environments, targeting organizations with critical data for potentially higher payouts. Cado Security Labs' cybersecurity analysts recently examined the Linux version of Cerber ransomware, [...]
Active Directory Security: 5 Critical Vulnerabilities to Monitor
Microsoft’s Active Directory (AD) acts as the backbone of your organization's network, regulating access to network and database sections to authorized users. A well-structured AD is crucial for safeguarding the [...]
Tor Browser 13.0: What’s New
Tor Browser 13.0.14 is now available, featuring crucial security enhancements for the widely-used privacy-centric web browser. Tor Browser is a web browser that focuses on privacy and anonymity by routing [...]
Surge in Zero-click Vulnerabilities: The Rise of ‘Mobile NotPetya’
The cybersecurity community warns of the rising threat of a "mobile NotPetya" event, a self-propagating mobile malware outbreak with potentially devastating consequences. This concern is fueled by the significant increase [...]
Hackers Customize LockBit 3.0 Ransomware for Global Organization Attacks
Hackers exploit LockBit 3.0 ransomware for its advanced encryption, successfully locking victims' files for ransom. Its stealthiness aids in unauthorized system access, enhancing deployment chances. Kaspersky Labs' cybersecurity researchers uncovered [...]
Recent SharePoint Method Enables Hackers to Evade Security Measures
Two recently discovered SharePoint techniques empower malicious actors to circumvent conventional security measures and extract sensitive data covertly, evading detection mechanisms. These techniques involve disguising illicit file downloads as innocuous [...]
LightSpy: Malware Threatening Android and iOS Users
A recently discovered malware dubbed LightSpy has been found to target both Android and iOS users. LightSpy, a modular malware implant, is engineered to penetrate mobile devices, posing a substantial [...]
Critical PAN-OS Command Injection Vulnerability Exploited
Palo Alto Networks alerts customers to a critical command injection vulnerability in PAN-OS GlobalProtect feature, scoring the maximum 10/10 on CVSS. Fixes are underway, the company reports. PAN-OS COMMAND INJECTION [...]
Hackers deploy malware-driven scans to uncover vulnerabilities
Hackers are employing malware-infected devices for scanning target networks rather than conducting direct scans. This strategy allows them to obscure their identity, circumvent geographical restrictions (geofencing), and expand their botnets. [...]
Critical vulnerabilities in LG TVs enable command execution
LG has addressed four critical vulnerabilities found in numerous TV models, dating back to 2023, which could grant control to malicious actors. Although attackers need to be on the same [...]
Microsoft’s latest Patch Tuesday addresses 149 security vulnerabilities
On April Patch Tuesday, Microsoft addressed 149 bugs, one of its largest security updates, spanning various products including Microsoft Office and SQL Server, with most vulnerabilities found in Windows and [...]
XZ Utils Backdoor Uncovered, Poses Threat to Linux Servers
Andres Freund discovered a backdoor in the liblzma library, part of the XZ data compression tool. The maintainer noticed a half-second delay in the updated version, leading to the flaw's [...]
-
Attackers Utilize Obfuscation Tools for Multi-Stage Malware Delivery via Invoice Phishing GalleryAttackers Utilize Obfuscation Tools for Multi-Stage Malware Delivery via Invoice Phishing
BOTNET, Compromised, Internet Security, malicious cyber actors, Mobile Security, phishing, Security Advisory, Security Update
Attackers Utilize Obfuscation Tools for Multi-Stage Malware Delivery via Invoice Phishing
Cybersecurity researchers uncover a complex multi-stage attack employing invoice-themed phishing decoys to distribute various malware, including Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a crypto wallet stealer. All about [...]
Two Zero-Day Android Flaws Exploited in Google Pixel
Google has revealed the detection of two Android zero-day security vulnerabilities in its Pixel smartphones, with patches already available as per the recent Pixel Update Bulletin. Even more concerning, the [...]
New E-Shopping Attack: Hijacking Users’ Banking Credentials
Since 2021, a fake e-shop scam campaign has targeted Southeast Asia, with increased activity observed by CRIL in September 2022, expanding from Malaysia to Vietnam and Myanmar. Attackers distribute a [...]
Critical OS Command Injection Vulnerability Discovered in Progress Flowmon
Progress Flowmon is a network monitoring and security solution developed by Progress, a software company. It is designed to provide visibility into network traffic, detect anomalies, and enhance network security [...]
Hackers are exploiting YouTube channels to steal your data
Cybercriminals are exploiting YouTube, a platform adored by millions, to orchestrate advanced malware attacks. These perpetrators, capitalizing on the allure of free software and video game enhancements, prey on unsuspecting [...]
StrelaStealer targets users to steal logins from Outlook and Thunderbird
A sophisticated variant of StrelaStealer malware, tailored for Spanish-speaking users, is targeting popular email clients Outlook and Thunderbird to pilfer email account credentials. StrelaStealer First detected in early November 2022, [...]
Microsoft introduces 5 new AI tools to be integrated with Azure AI.
Microsoft has rolled out new tools in Azure AI Studio to aid generative AI app developers in addressing quality and safety concerns linked with AI. These tools are either currently [...]
Patch immediately: Bitdefender Security Privilege Escalation Vulnerability
Bitdefender has patched a vulnerability across its popular products like Internet Security, Antivirus Plus, Total Security, and Antivirus Free, addressing potential privilege escalation issues. This vulnerability could grant attackers system [...]
Microsoft SharePoint vulnerability detected. Update now!
In late March 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert concerning the exploitation of a flaw in Microsoft SharePoint. Although detected in September 2023, active [...]
iPhone users, beware! Darcula phishing service targeting iMessage
Recently, cybersecurity analysts at Netcraft uncovered threat actors actively exploiting the Dracula phishing service to target USPS and global postal services via iMessage. IPhone Darcula Phishing Attack "Dracula" is an [...]
Wireshark 4.2.4 is now available: What’s New!
Wireshark continues to reign supreme, providing unmatched tools for troubleshooting, analysis, development, and education. The latest release, Wireshark 4.2.4, brings a plethora of fixes and updates, solidifying its status as [...]
Apple Silicon Unveils GoFetch Vulnerability
Researchers have revealed a vulnerability in Apple Silicon processors called GoFetch, enabling attackers to extract secret keys from Mac computers during extensive cryptographic operations. Importantly, patching the flaw is virtually [...]
Apple ID Push Bombing Attack: Targeting Apple Users to Steal Passwords
Apple users are being targeted by a sophisticated phishing campaign aimed at seizing control of their Apple IDs through a method known as "push bombing" or "MFA fatigue" attack. This [...]
Hackers deploy weaponized PDF files to distribute Mispadu banking malware
Originally focused on Latin America, the banking trojan Mispadu has broadened its scope to Europe, employing phishing emails and malicious URLs to pilfer credentials. The attackers leverage these stolen credentials [...]
Watch out for free Android VPN apps that transform your device into proxies
Security specialists have unearthed a group of Android VPN apps that surreptitiously convert user devices into proxy nodes, possibly engaging in nefarious activities unbeknownst to users. This revelation has sparked [...]
-
Threat actors employ Tycoon 2FA kits to pilfer your data through deceptive login pages GalleryThreat actors employ Tycoon 2FA kits to pilfer your data through deceptive login pages
BOTNET, Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Security Advisory, Security Update
Threat actors employ Tycoon 2FA kits to pilfer your data through deceptive login pages
Cybercriminals leverage 2FA (Two-Factor Authentication) phishing kits to bypass the added security layer provided by 2FA. These kits typically replicate genuine login interfaces and prompt users to input their credentials [...]
Attention Linux admins: Fake PuTTY client installing Rhadamanthys stealer detected!
A malvertising campaign distributing a fake PuTTY client has been discovered, aiming to deploy the dangerous Rhadamanthys stealer malware. Fake PuTTY client installing Rhadamanthys stealer This campaign cleverly exploits the [...]
Patch Now: Exploits Targeting 2 Firefox Zero-Days Unveiled at Pwn2Own
Mozilla has swiftly responded to two zero-day vulnerabilities exploited during the recent Pwn2Own Vancouver 2024 hacking contest in the Firefox web browser. During this week's Pwn2Own Vancouver 2024 hacking competition, [...]
New Sysrv Botnet Abuses Google Subdomain to Spread XMRig Miner
First identified in 2020, the Sysrv botnet leverages a Golang worm to infect devices, deploying cryptominers through network vulnerability exploits. New Sysrv Botnet Abuses Google Subdomain Continuously updated by its [...]
-
Over 170,000 GitHub accounts of Python developers hacked in supply chain attack. GalleryOver 170,000 GitHub accounts of Python developers hacked in supply chain attack.
BOTNET, Compromised, cyberattack, Exploitation, Internet Security, malicious cyber actors, Mobile Security, Security Advisory, Security Update
Over 170,000 GitHub accounts of Python developers hacked in supply chain attack.
Over 170,000 users have been affected by a sophisticated attack targeting the Python software supply chain. The Checkmarx Research team has discovered a multi-layered campaign exploiting fake Python infrastructure to [...]
DHCP Exploited for Privilege Escalation in Windows Domains
Security researchers have discovered a sophisticated method, named "DHCP Coerce," that exploits the Dynamic Host Configuration Protocol (DHCP) administrators group to escalate privileges within Windows domains. The vulnerability revolves around [...]
New Acoustic Keyboard Side Channel Attack Allows Theft of Sensitive Data
With the rise in digital device usage, personal data security has become increasingly important. Side-channel attacks exploit system side effects to gather information, with electronic emissions being a known vulnerability. [...]
Microsoft announces a significant domain change for Teams
In April 2023, Microsoft announced a multi-year initiative to unify authenticated, user-facing Microsoft 365 apps and services under a single domain: cloud.microsoft. As we prepare to migrate Teams, Outlook, and [...]
Androxgh0st exploits SMTP services to steal critical data
AndroxGh0st targets Laravel applications, scanning and extracting login credentials for AWS and Twilio from .env files. AndroxGh0st, previously identified as an SMTP cracker, utilizes multiple strategies including credential exploitation, web [...]
Operation PhantomBlu: Attackers Exploit Weaponized MS Office Doc to Breach Windows
Researchers at Perception Point have discovered a new malware campaign dubbed PhantomBlu, which targets US organizations. The campaign utilizes innovative methods to deploy the NetSupport RAT (Remote Access Trojan) by [...]
Critical RCE Vulnerability in Fortra FileCatalyst
A PoC has been published for a critical RCE vulnerability found in Fortra's FileCatalyst software. RCE Vulnerability in Fortra FileCatalyst Tracked as CVE-2024-25153, this vulnerability poses a severe threat to [...]
Discontinued WordPress Plugin Vulnerability Puts Websites at Risk of Cyber Attacks
A critical vulnerability was found in miniOrange's Malware Scanner and Web Application Firewall plugins, allowing unauthenticated attackers to gain admin access to WordPress sites. This highlights ongoing challenges for website [...]
Google Chrome will soon introduce real-time phishing protection features
Google has announced an upgrade to its Safe Browsing technology, enhancing Chrome users' protection against phishing, malware, and other malicious sites in real-time. This enhancement promises to revolutionize users' web [...]
A critical flaw in Zoom Clients allows attackers to escalate privileges
A vulnerability categorized as improper input validation was discovered in Zoom Clients for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. This flaw could potentially enable [...]
GitHub Campaign Targets Users to Steal Login Credentials
Threat actors frequently target GitHub users because of the abundance of valuable code repositories and sensitive information stored on the platform. However, GitHub's collaborative nature also makes it an exceptional [...]
Hackers weaponize LNK files to deploy AutoIt malware
Hackers are using weaponized LNK files to deploy AutoIt malware, causing concern in the cybersecurity community. The LNK Malware Infection The infection chain starts with what appears to be a [...]
Hackers deploy TMChecker RAT to target popular VPN and mail servers
A new tool discovered on the Dark Web indicates a change in cybercriminal tactics for illicitly accessing corporate networks. TMChecker, recently uncovered by ReSecurity, is engineered to target remote-access services [...]
PixPirate, an Android banking malware
PixPirate, an Android banking malware, is pioneering stealth techniques to evade detection. IBM Trusteer researchers have unveiled its sophisticated methods, posing significant threats to financial institutions, especially in Brazil. What [...]
Adobe Reader Infostealer Spreads Through Email in Brazil
A recent email spam campaign is distributing infostealer malware disguised as an Adobe Reader Installer. The spam emails contain forged PDF documents prompting recipients to install Adobe Reader, which in [...]
The SSRF flaw in ChatGPT-Next-Web allowed attackers to gain unauthorized access.
In addition to ChatGPT and Gemini AI, two of the most popular publicly available Artificial Intelligence systems, there are numerous other standalone chatbot applications users can deploy and customize for [...]
BianLian Exploits TeamCity Vulnerability to Install Backdoors
The cybercriminal group BianLian, recognized for their ransomware assaults, has garnered attention from the information security community. Exploiting vulnerabilities within the JetBrains TeamCity platform, they executed multistage cyberattacks. Their modus [...]
-
Vulnerability in Over 150,000 Fortinet Devices Enables Remote Execution of Arbitrary Code by Hackers GalleryVulnerability in Over 150,000 Fortinet Devices Enables Remote Execution of Arbitrary Code by Hackers
BOTNET, Compromised, Exploitation, Internet Security, Remote code execution, Security Advisory, Security Update, vulnerability
Vulnerability in Over 150,000 Fortinet Devices Enables Remote Execution of Arbitrary Code by Hackers
A critical security flaw, identified as CVE-2024-21762, has been uncovered in Fortinet's FortiOS and FortiProxy secure web gateway systems, potentially affecting approximately 150,000 devices worldwide. The vulnerability permits unauthenticated remote [...]
Analysis and Description of Win32/Softcnapp Detection
PUA:Win32/Softcnapp is a generic detection name used by Microsoft Defender to identify unwanted programs. It can occasionally trigger false positive detections on legitimate applications, such as the desktop Viber client, [...]
CHAVECLOAK Malware Exploits Windows Through Weaponized PDF File
CHAVECLOAK is a type of malware, specifically a banking trojan, known for targeting users, particularly in Brazil, with the intent of stealing sensitive financial information. CHAVECLOAK Malware Exploits Windows The [...]
Gitlab Authorization Bypass Vulnerability Enables Theft of Protected Variables
GitLab has released updated versions for its Community Edition (CE) and Enterprise Edition (EE) platforms, addressing critical vulnerabilities that enable attackers to bypass authorization mechanisms and access protected variables. Gitlab [...]
Web Server Compromised by Hackers for z0Miner Malware Deployment
The malicious actor, known as "z0miner," has been discovered targeting Korean WebLogic servers to disseminate various forms of malware, including miners, network utilities, and scripts for launching additional attacks. This [...]
Cybercriminals Exploiting iOS 0-day Vulnerability to Target iPhones – Update Immediately!
Two zero-day vulnerabilities have been uncovered in iOS and iPadOS 17.4 versions, enabling threat actors to circumvent memory protections and execute arbitrary kernel read and write operations on affected devices. [...]
-
WogRAT Malware Leverages Notepad Service to Target Windows & Linux Systems GalleryWogRAT Malware Leverages Notepad Service to Target Windows & Linux Systems
BOTNET, Compromised, Exploitation, Internet Security, Linux Malware, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update, windows
WogRAT Malware Leverages Notepad Service to Target Windows & Linux Systems
Malware leverages the Notepad service to target systems like Windows and Linux, exploiting the ubiquity of Notepad across various operating systems. Malicious actors can exploit this tool via malware to [...]
TeamCity On-Premises Vulnerabilities Pose Risks to Supply Chains
Two fresh security vulnerabilities have surfaced in JetBrains TeamCity On-Premises, a prevalent CI/CD solution. Designated as CVE-2024-27198 and CVE-2024-27199, these vulnerabilities were first reported to JetBrains in February 2024 and [...]
Cybercriminals Employing Innovative DNS Hijacking Technique for Investment Scams
A recently identified DNS threat actor known as Savvy Seahorse is employing advanced tactics to lure victims into fraudulent investment platforms and pilfer their funds. According to a report released [...]
SMS Bombing: The Risks and Dangers of Text Message Attacks
In the realm of cybersecurity, SMS Bomber attacks are emerging as a modern threat with significant and concerning consequences. Many of us have experienced receiving SMS or calls from unknown [...]
-
Beware: Business Email Compromise (BEC) Attacks Threaten Organizations GalleryBeware: Business Email Compromise (BEC) Attacks Threaten Organizations
BOTNET, Compromised, Exploitation, Internet Security, malicious cyber actors, Mobile Security, phishing, Security Advisory, Security Update, Spam, Tips
Beware: Business Email Compromise (BEC) Attacks Threaten Organizations
The pandemic has spurred significant shifts in business models. With the rise of digital transformation, increased efficiency, and profitability, the threat landscape for organizations has evolved. Presently, with over 60% [...]
New Bifrost malware for Linux mimics VMware domain for evasion
A new Linux variant of Bifrost, called Bifrose, was detected employing a clever evasion tactic by utilizing a deceptive domain resembling the official VMware domain to avoid detection. What is [...]
Emerging Phishing Kit Exploits SMS and Voice Calls to Target Cryptocurrency Users
A newly discovered phishing kit has been observed impersonating the login pages of prominent cryptocurrency services as part of an attack cluster aimed primarily at mobile devices. Emerging Phishing Kit [...]
Hackers Exploit SVG Image Files for GUloader Malware Distribution
Cybercriminals are leveraging the flexibility of SVG (Scalable Vector Graphics) files for the dissemination of the GUloader malware. Hackers Exploit SVG Image Files for GUloader Malware GuLoader is notorious for [...]
Cybercriminals Exploit Weaponized ZIP Files to Acquire NTLM Hashes
Cyber adversaries utilize ZIP files as a means to weaponize them, leveraging the ease of concealing malicious payloads within compressed archives. This tactic poses a challenge for security systems, as [...]
Malicious npm Packages: North Korean Hackers Targeting Developers
Recent discoveries by Phylum indicate that a series of counterfeit npm packages identified on the Node.js repository are associated with state-sponsored actors from North Korea. Malicious npm Packages The packages [...]
SSH-Snake Malware: Stealing SSH Keys to Expand Network Spread
Threat actors exploit SSH credentials to gain unauthorized access to systems and networks, executing malicious activities by leveraging weak or compromised credentials. The misuse of SSH credentials offers a covert [...]
LiteSpeed Plugin Vulnerability Exposes 5 Million WordPress Sites to Risk
Researchers at Patchstack have issued a warning regarding an unauthenticated site-wide stored XSS vulnerability, identified as CVE-2023-40000, affecting the LiteSpeed Cache plugin for WordPress. LiteSpeed Plugin Vulnerability The LiteSpeed Cache [...]
Xeno RAT Exploits Windows DLL Search to Evade Detection
A newly identified, sophisticated malware coded in C# has emerged. Dubbed Xeno RAT, this malware boasts advanced features such as evasion tactics, payload generation, and an additional layer of threat [...]
Compromised PyPI Package Deploys NovaSentinel Stealer on Windows
Researchers uncovered an advanced cyberattack involving a dormant Python Package Index (PyPI) package called Django-log-tracker, which was unexpectedly updated to distribute the NovaSentinel stealer malware. This finding underscores a substantial [...]
LockBit Returns, Unveiling Fresh Claims and Victims
The narrative surrounding the takedown of the LockBit ransomware on February 19 is still evolving. Following nearly a week of silence and downtime, the notorious gang has resurfaced on a [...]
Microsoft Initiates Wi-Fi 7 Testing in Windows 11
Microsoft has commenced testing Wi-Fi 7 compatibility within the Windows 11 Insider Preview Build 26063. Initially available only in the Canary Channel, a potential expansion to Dev Channel users could [...]
Analysts Expose Apple’s Latest Zero-Click Shortcuts Vulnerability
Information has surfaced regarding a recently patched high-severity security vulnerability in Apple's Shortcuts app, allowing a shortcut to access sensitive device information without user consent. Apple's Latest Zero-Click Shortcuts Apple [...]
-
Multiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution GalleryMultiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution
Exploitation, Internet Security, Mobile Security, Remote code execution, Security Advisory, Security Update, vulnerability
Multiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution
Five vulnerabilities have been discovered within the Joomla content management system that could be exploited to execute arbitrary code on vulnerable websites. Multiple Cross-Site Scripting (XSS) Flaws in Joomla The [...]
MrB Ransomware (.mrB Files) – Analysis & File Recovery
MrB ransomware, a variant of Dharma ransomware, was identified on February 21, 2024. It encrypts files with the extension ".mrB" and targets small businesses, demanding ransom solely for file decryption [...]
-
New Wi-Fi Authentication Bypass Vulnerabilities Pose Threat to Home and Enterprise Networks GalleryNew Wi-Fi Authentication Bypass Vulnerabilities Pose Threat to Home and Enterprise Networks
Exploitation, Internet Security, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update, Tips, vulnerability
New Wi-Fi Authentication Bypass Vulnerabilities Pose Threat to Home and Enterprise Networks
Two recently discovered Wi-Fi authentication bypass vulnerabilities in open-source software could potentially expose numerous enterprise and home networks to attacks. New Wi-Fi Authentication Bypass Vulnerabilities Mathy Vanhoef, a professor at [...]
Critical Vulnerabilities in ConnectWise ScreenConnect, PostgreSQL JDBC, and VMware EAP
ConnectWise has remedied a critical vulnerability rated CVSS 10 in its ScreenConnect product, a desktop and mobile support software that offers fast and secure remote access solutions. ConnectWise has addressed [...]
Migo Malware: Targeting Redis Servers for Cryptocurrency Mining
A recent malware campaign has been detected, focusing on gaining initial access through Redis servers, aiming to mine cryptocurrency on compromised Linux hosts. What is Migo Malware? Migo Malware is [...]
Mastodon Security Flaw Enables Account Takeover
Cybersecurity experts have uncovered a critical vulnerability in the decentralized social network Mastodon, potentially enabling unauthorized access and account takeover. Fortunately, a fix is already available for this flaw. MASTODON [...]
Meta Warns of 8 Spyware Companies Targeting iOS, Android, and Windows Devices
Meta Platforms announced it has taken measures to combat malicious activities originating from eight firms in Italy, Spain, and the United Arab Emirates (UAE) engaged in the surveillance-for-hire industry. Meta [...]
SYSDF Ransomware: Analysis, .SYSDF File Recovery, and Removal Guide
SYSDF is a ransomware program belonging to the Dharma malware family. Typically targeting small businesses, it encrypts files and demands ransom payments for decryption. The ransomware was first identified by [...]
-
Ov3r_Stealer: Targeting Cryptocurrency and Credentials via Facebook Job Ads GalleryOv3r_Stealer: Targeting Cryptocurrency and Credentials via Facebook Job Ads
BOTNET, Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Mobile Security, Security Advisory, Security Update, Tips
Ov3r_Stealer: Targeting Cryptocurrency and Credentials via Facebook Job Ads
"A recent report by Trustwave SpiderLabs reveals the emergence of Ov3r_Stealer, a Windows malware propagated through deceptive Facebook job advertisements. This malware is engineered to pilfer sensitive data and cryptocurrency [...]
Malicious ‘SNS Sender’ Script Exploits AWS for Mass Smishing Campaigns
A malicious Python script named SNS Sender is being promoted as a tool for threat actors to distribute bulk smishing messages by exploiting Amazon Web Services (AWS) Simple Notification Service [...]
Shim Bootloader Vulnerability Detected in Linux Systems
Security researchers have uncovered a critical vulnerability in Shim, a commonly used Linux bootloader. This flaw has the potential to enable attackers to execute malicious code and take control of [...]
-
Zoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691) GalleryZoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691)
Android malware, BOTNET, Exploitation, Internet Security, Malware, Mobile Security, Security Advisory, Security Update, vulnerability, windows
Zoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691)
Zoom, the well-known video conferencing platform, recently patched 7 security vulnerabilities in a recent update. These vulnerabilities range in severity from medium to critical, and they affect a variety of [...]
Beware of Malicious Fake ChatGPT Apps
The public release of ChatGPT caused a sensation back in 2022, and it's fair to say it's been a game-changer. However, scammers often target platforms with large user bases. Fake [...]
HijackLoader Malware Introduces Fresh Evasion Techniques
The HijackLoader malware has incorporated additional defense evasion tactics. Increasingly, other threat actors are leveraging this malware for delivering payloads and tooling. The developer employed a standard process hollowing technique [...]
New Fortinet VPN RCE Vulnerability Uncovered: Apply Patch Immediately
Fortinet has issued a warning regarding a critical vulnerability found in its FortiOS SSL VPN system, which could be actively exploited by attackers. This vulnerability within Fortinet's network security solutions [...]
GitLab Security Flaw (CVE-2024-0402) Raises Concerns of File Overwrite Risk
In a recent security update, GitLab has released a patch addressing a critical vulnerability that could permit unauthorized users to overwrite files. This poses a risk of data corruption or [...]
-
A critical vulnerability in Apple iOS and macOS has been discovered and exploited GalleryA critical vulnerability in Apple iOS and macOS has been discovered and exploited
Apple, BOTNET, Compromised, cyberattack, Exploitation, Internet Security, IOC's, malicious cyber actors, Mobile Security, Security Advisory, Security Update
A critical vulnerability in Apple iOS and macOS has been discovered and exploited
The Cybersecurity and Infrastructure Security Agency has identified a security flaw in Apple operating systems, specifically iOS and macOS, and has included it in the agency’s Known Exploited Vulnerabilities catalog. [...]
Kasseika Ransomware Exploits Vulnerable Antivirus Drivers
A recently discovered ransomware, named "Kasseika," employs Bring Your Own Vulnerable Driver tactics to incapacitate antivirus software prior to encrypting files. It is suspected that Kasseika may have been developed [...]
Discovery of Authentication Bypass Vulnerability in GoAnywhere MFT
Fortra has revealed a critical vulnerability in its GoAnywhere MFT (Managed File Transfer) software—an authentication bypass that poses a significant security risk. Exploiting this vulnerability successfully could enable attackers to [...]
Apple resolves the first zero-day bug exploited in attacks this year
Apple has issued security updates to tackle the first zero-day vulnerability of the year, which has been exploited in attacks and could affect iPhones, Macs, and Apple TVs. The zero-day [...]
GitHub Developer SSH Keys Targeted Through Malicious npm Packages
Security researchers recently discovered two new malicious packages on the npm open source package manager. These packages utilized GitHub to store stolen Base64-encrypted SSH keys taken from developer systems. Identified [...]
-
Active Exploitation of 2 Citrix Remote Code Execution (RCE) Vulnerabilities, CISA Issues Notification GalleryActive Exploitation of 2 Citrix Remote Code Execution (RCE) Vulnerabilities, CISA Issues Notification
BOTNET, cisco, Compromised, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update
Active Exploitation of 2 Citrix Remote Code Execution (RCE) Vulnerabilities, CISA Issues Notification
CISA has set a deadline of one to three weeks for addressing three vulnerabilities associated with Citrix NetScaler and Google Chrome. These zero-day vulnerabilities have been actively exploited in cyber [...]
New Godzilla Web Shell Attacks Exploit Apache ActiveMQ Flaw
Cybersecurity researchers caution about a significant rise in threat actor activity exploiting a recently patched flaw in Apache ActiveMQ. This exploitation aims to deliver the Godzilla web shell on compromised [...]
LockBit Ransomware Uses Resume Word Files to Spread
An ASEC investigation has uncovered the latest tactics employed by the notorious LockBit ransomware. Under the guise of "post-paid pentesters," the ransomware now adopts the strategy of appearing as harmless [...]
Latest Docker Malware: CPU Theft for Crypto and Fake Website Traffic Generation
A recently launched campaign aimed at vulnerable Docker services installs both an XMRig miner and the 9hits viewer app on compromised hosts, enabling a dual monetization approach. 9hits functions as [...]
Critical Vulnerability: 178,000 SonicWall Firewalls at Risk of DoS and RCE
Recent research reveals a substantial number of vulnerable SonicWall firewall instances susceptible to remote code execution (RCE) and DoS attacks. Regrettably, no official patches are currently available, compelling clients to [...]
Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability
Atlassian recommends that its customers update their Confluence Data Center and Server to safeguard against the exploitation of a critical vulnerability that has the potential to lead to Remote Code [...]
AzorUlt Stealer Resurfaces, Employing Email Phishing Tactics
Cybersecurity experts have rediscovered the eight-year-old Azorult malware, known for stealing information and harvesting sensitive data. The malware had been inactive since late 2021, prompting the question of whether this [...]
New Google Chrome 0-day Vulnerability Exploited
In the latest release notes, Google discloses a newly discovered 0-day vulnerability already being exploited in the wild. Although the update addresses the issue, the fact that it is actively [...]
Can Patches Prevent Zero-Day Attacks?
In recent years, zero-day exploits and attacks have emerged as prominent threats. Leveraging unknown vulnerabilities within software, these attacks are nearly impossible to detect and prevent. Zero-day attacks can result [...]
GitLab Zero-Click Account Hijack Vulnerability Revealed
On January 11, 2024, GitLab issued an update containing a crucial security fix for a vulnerability. This flaw enables a user to send the account password reset form to an [...]
Windows SmartScreen Bypass Exploited by Information Stealer
The malicious campaign leverages the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen to propagate Phemedrone Stealer. Employing sophisticated evasion techniques, it evades conventional security measures to target sensitive user information. [...]
-
Researchers identify FBot hacking tool hijacking cloud and payment services. GalleryResearchers identify FBot hacking tool hijacking cloud and payment services.
BOTNET, Compromised, cyberattack, Darknet, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Mobile Security, Security Advisory, Security Update
Researchers identify FBot hacking tool hijacking cloud and payment services.
SentinelOne's malware hunters flagged a recently uncovered Python-based hacking tool employed by cybercriminals to hijack cloud platforms and payment services. FBot hacking tool hijacking cloud and payment services The tool, [...]
-
High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272) GalleryHigh Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272)
cisco, Exploitation, Internet Security, malicious cyber actors, Security Advisory, Security Update, vulnerability
High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272)
Cisco has successfully addressed a high-severity security vulnerability in Unity Connection. This flaw had the potential to allow unauthenticated attackers to upload malicious files, execute arbitrary commands, and acquire root [...]
-
Volexity detects Chinese hackers exploiting zero-day vulnerabilities in Ivanti VPN. GalleryVolexity detects Chinese hackers exploiting zero-day vulnerabilities in Ivanti VPN.
BOTNET, Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Security Advisory, Security Update, vulnerability, Zero Day Attack
Volexity detects Chinese hackers exploiting zero-day vulnerabilities in Ivanti VPN.
On Wednesday, cybersecurity researchers at Volexity issued a warning, revealing that suspected Chinese nation-state hackers are currently exploiting two unauthenticated remote zero-day vulnerabilities in Ivanti Connect Secure VPN devices. Zero-days [...]
Water Curupira Hackers Spreading PikaBot Loader Malware
In 2023, the threat actor known as Water Curupira has been actively disseminating the PikaBot loader malware through spam campaigns. All about PikaBot Loader Malware In a recently published report, [...]
Two Adobe ColdFusion Vulnerabilities Exploited in The Wild
Two vulnerabilities in Adobe ColdFusion have been targeted in real-world attacks, as cautioned by the Cybersecurity & Infrastructure Security Agency (CISA). These vulnerabilities stem from inadequate validation of deserialized data, [...]
SMTP Smuggling Emerges as a Fresh Email Security Concern
An innovative SMTP Smuggling technique has been reported with the capability to circumvent current security protocols. Additionally, it empowers attackers to send forged emails that appear to originate from authentic [...]
-
Ivanti Released a Patch in Endpoint Manager Solution (EPM) for a Critical Vulnerability GalleryIvanti Released a Patch in Endpoint Manager Solution (EPM) for a Critical Vulnerability
Compromised, Evilproxy, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update, vulnerability
Ivanti Released a Patch in Endpoint Manager Solution (EPM) for a Critical Vulnerability
Ivanti has resolved a critical vulnerability in its Endpoint Manager (EPM) solution, designated as CVE-2023-39336, carrying a severity score of 9.6/10. This vulnerability, impacting EPM versions 2021 and 2022 before [...]
New ‘SpectralBlur’ macOS Backdoor Linked to North Korea
Security researchers have delved into the intricacies of SpectralBlur, an emerging macOS backdoor believed to be associated with the recently discovered North Korean malware family known as KandyKorn. New ‘SpectralBlur’ [...]
3 Malicious PyPI Packages Target Linux with Crypto Miners
Fortinet researchers identified three malicious packages in the PyPI repository—modularseven, driftme, and catme. These packages, attributed to the same author, "sastra," were specifically crafted to target Linux systems and install [...]
CISA Issues Alert for Juniper Secure Analytics Vulnerabilities
In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) highlighted that Juniper has issued security updates to resolve several vulnerabilities in the Juniper Secure Analytics Virtual Appliance. This [...]
-
Google accounts may be susceptible to a new hack, and changing the password won’t provide a solution. GalleryGoogle accounts may be susceptible to a new hack, and changing the password won’t provide a solution.
BOTNET, Compromised, Evilproxy, Exploitation, google, Internet Security, Mobile Security, Security Advisory, Security Update
Google accounts may be susceptible to a new hack, and changing the password won’t provide a solution.
A purportedly new method allows hackers to exploit the OAuth2 authorization protocol to compromise Google accounts. This enables them to maintain valid sessions by regenerating cookies, regardless of IP or [...]
Microsoft Disables MSIX App Installer Protocol
Microsoft has disabled the MSIX installer protocol in Windows in response to its exploitation in real-world cyberattacks. Hackers discovered a method to abuse the protocol, allowing them to install malicious [...]
-
Misconfigurations in Google Kubernetes Engine (GKE) Lead to a Privilege Escalation Exploit Chain Gallery
Misconfigurations in Google Kubernetes Engine (GKE) Lead to a Privilege Escalation Exploit Chain
Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, vulnerability
Misconfigurations in Google Kubernetes Engine (GKE) Lead to a Privilege Escalation Exploit Chain
A recent Unit 42 investigation uncovered a dual privilege escalation chain affecting Google Kubernetes Engine (GKE). Stemming from misconfigurations in GKE's FluentBit logging agent and Anthos Service Mesh (ASM), this [...]
Xamalicious Trojan Hits Over 327K Android Devices
Researchers uncovered a novel Android backdoor named Xamalicious at the end of 2023. This malware demonstrates significant capabilities to carry out malicious actions on compromised devices, leveraging Android's accessibility permissions [...]
Remote Encryption Attacks -Explanation & Mitigation
The digital landscape is witnessing a rise in sophisticated ransomware attacks, specifically remote encryption attacks. While the technology itself is not novel, it resembles a YouTube video uploaded a decade [...]
Microsoft Word Documents Used as Lures to Distribute Nim-Based Malware
A recently identified phishing campaign is using decoy Microsoft Word documents as a lure to deploy a backdoor written in the Nim programming language. Nim-Based Malware "Malware in uncommon programming [...]
Cryptocurrency Scams on Twitter Exploit Post Features
Scammers exploit a feature of Twitter posts, deceiving users and putting digital assets at risk. This deceptive tactic relies on Twitter's URL structure, enabling hackers to entice individuals into various [...]
GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY
Google has issued emergency updates to address yet another Chrome zero-day vulnerability that has been actively exploited in the wild. This marks the eighth zero-day vulnerability patched since the beginning [...]
Microsoft Alerts of RCE and DoS Vulnerabilities in Perforce Server
In the course of a security assessment of its game development studios, Microsoft identified four vulnerabilities in Perforce Helix Core Server. These vulnerabilities have the potential to be exploited remotely [...]
Comcast’s Xfinity Breach Exposes Data of 35.8 Million Users
Comcast has officially acknowledged a significant security breach affecting its Xfinity division, with approximately 36 million customers of the world's largest telecom provider exposed due to the CitrixBleed exploitation. Hackers [...]
-
Kinsta Alerts About Phishing Campaign on Google Ads GalleryKinsta Alerts About Phishing Campaign on Google Ads
Backdoor, BOTNET, Compromised, cyberattack, Email servers, Evilproxy, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malware, Mobile Security, phishing, Security Advisory, Security Update, Spam
Kinsta Alerts About Phishing Campaign on Google Ads
Kinsta, a leading WordPress hosting provider, has alerted its customers to a troubling cybersecurity development. Cybercriminals are exploiting Google Search Ads to promote phishing websites, with a focus on pilfering [...]
-
Qbot malware resurfaces in a new campaign focusing on the hospitality sector. GalleryQbot malware resurfaces in a new campaign focusing on the hospitality sector.
BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malware, Security Advisory, Security Update
Qbot malware resurfaces in a new campaign focusing on the hospitality sector.
QakBot malware has re-emerged in phishing campaigns, following a disruption of the botnet by law enforcement during the summer. In August, a multinational law enforcement initiative named Operation Duck Hunt [...]
FortiGuard Releases Security Updates for Critical Vulnerabilities
FortiGuard unveiled security updates on December 12, 2023, to mitigate multiple critical vulnerabilities present in its FortiOS, FortiPAM, FortiMail, FortiNDR, FortiRecorder, FortiSwitch, and FortiVoice products. Exploiting these vulnerabilities could potentially [...]
Google Will Block Third-Party Cookies for All Chrome Users by the Second Half of 2024
On Thursday, Google declared its plans to initiate testing of a new feature named "Tracking Protection" from January 4, 2024. This testing phase will involve 1% of Chrome users and [...]
-
116 Malicious Packages Detected in PyPI Repository, Targeting Windows and Linux Operating Systems Gallery116 Malicious Packages Detected in PyPI Repository, Targeting Windows and Linux Operating Systems
Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Security Advisory, Security Update
116 Malicious Packages Detected in PyPI Repository, Targeting Windows and Linux Operating Systems
Security experts have uncovered a collection of 116 malicious packages within the Python Package Index (PyPI) repository, specifically crafted to compromise Windows and Linux systems through a tailored backdoor. ESET [...]
-
Enhancing Android Security: Google Implements Clang Sanitizers to Safeguard Against Cellular Baseband Vulnerabilities GalleryEnhancing Android Security: Google Implements Clang Sanitizers to Safeguard Against Cellular Baseband Vulnerabilities
Compromised, cyberattack, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Security Advisory, Security Update, vulnerability
Enhancing Android Security: Google Implements Clang Sanitizers to Safeguard Against Cellular Baseband Vulnerabilities
Google Emphasizes Clang Sanitizers in Strengthening Android's Cellular Baseband Security and Mitigating Vulnerabilities What are Clang sanitizers? Clang sanitizers constitute a suite of tools designed for the static analysis of [...]
APPLE RELEASED IOS 17.2 TO ADDRESS A DOZEN OF SECURITY FLAWS
iOS 17.2 and iPadOS 17.2 have been launched by the company, featuring enhancements that resolve twelve security vulnerabilities. Among these, the most critical is a memory corruption issue located within [...]
21 Security Flaws Found to Affect Over 86,000 Sierra AirLink Routers
Researchers Uncover 21 New Sierra Vulnerabilities Affecting Over 86,000 Exposed Online Devices. Sierra AirLink Routers Users of Sierra AirLink routers face potential threats, including remote code execution, unauthorized access, cross-site [...]
-
Microsoft Issues Warning on COLDRIVER: Ongoing Evolution in Evasion and Credential Theft Strategies GalleryMicrosoft Issues Warning on COLDRIVER: Ongoing Evolution in Evasion and Credential Theft Strategies
Compromised, Darknet, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Microsoft, Security Advisory, Security Update
Microsoft Issues Warning on COLDRIVER: Ongoing Evolution in Evasion and Credential Theft Strategies
COLDRIVER, the threat actor, persists in carrying out credential theft operations targeting entities strategically significant to Russia, concurrently enhancing its capabilities to evade detection. Microsoft Issues Warning on COLDRIVER The [...]
-
Atlassian Deploys Crucial Software Updates to Mitigate Remote Code Execution Vulnerabilities GalleryAtlassian Deploys Crucial Software Updates to Mitigate Remote Code Execution Vulnerabilities
BOTNET, Compromised, Evilproxy, Internet Security, malicious cyber actors, Mobile Security, Security Advisory, Security Update, Tips, vulnerability
Atlassian Deploys Crucial Software Updates to Mitigate Remote Code Execution Vulnerabilities
Atlassian has issued software patches to rectify four critical vulnerabilities in its software. Successful exploitation of these flaws could lead to remote code execution. The following is a list of [...]
-
Apple Addresses Exploited Zero-Day Vulnerabilities with Emergency Security Update: CVE-2023-42916, CVE-2023-42917 GalleryApple Addresses Exploited Zero-Day Vulnerabilities with Emergency Security Update: CVE-2023-42916, CVE-2023-42917
Apple, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update, vulnerability, Zero Day Attack
Apple Addresses Exploited Zero-Day Vulnerabilities with Emergency Security Update: CVE-2023-42916, CVE-2023-42917
Apple responded to the active exploitation of two zero-day vulnerabilities in the wild by swiftly issuing emergency security updates. Identified as CVE-2023-42916 and CVE-2023-42917, these vulnerabilities specifically impact the WebKit [...]
Qlik Sense Vulnerabilities Exploited in Ransomware Attacks
There's evidence of a CACTUS ransomware campaign exploiting recently revealed security vulnerabilities in Qlik Sense, a cloud analytics and business intelligence platform. This exploitation serves as a means to gain [...]
-
Google Introduces RETVec: Gmail’s Latest Safeguard Against Spam and Malicious Emails GalleryGoogle Introduces RETVec: Gmail’s Latest Safeguard Against Spam and Malicious Emails
BOTNET, Compromised, Email servers, Internet Security, Mobile Security, phishing, Security Advisory, Security Update, Tips
Google Introduces RETVec: Gmail’s Latest Safeguard Against Spam and Malicious Emails
Google has unveiled RETVec (Resilient and Efficient Text Vectorizer), a new multilingual text vectorizer designed to enhance Gmail's capability in detecting potentially harmful content, including spam and malicious emails. According [...]
-
Exploitation Attempts Observed for Critical ownCloud Vulnerability (CVE-2023-49103) GalleryExploitation Attempts Observed for Critical ownCloud Vulnerability (CVE-2023-49103)
BOTNET, Compromised, Evilproxy, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update, vulnerability
Exploitation Attempts Observed for Critical ownCloud Vulnerability (CVE-2023-49103)
The cybersecurity community has expressed concerns as they've detected exploitative activities focusing on ownCloud, leveraging the CVE-2023-49103 vulnerability. The spotlight is on ownCloud, a well-known open-source file server recognized for [...]
-
Ensuring Your Security During Black Friday and Cyber Monday 2023 GalleryEnsuring Your Security During Black Friday and Cyber Monday 2023
BOTNET, cyberattack, Darknet, Email servers, Evilproxy, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Mobile Security, phishing, Security Advisory, Security Update, Spam
Ensuring Your Security During Black Friday and Cyber Monday 2023
Annually, the holiday season kicks off with the significant retail shopping events in the U.S., Black Friday and Cyber Monday, occurring on the Friday and Monday following Thanksgiving. Anticipated to [...]
New Rust-based SysJoker backdoor linked to Hamas hackers
SysJoker, a multi-platform malware, has been identified in a novel iteration, showcasing a comprehensive code overhaul implemented in the Rust programming language. All about SysJoker Intezer initially documented SysJoker as [...]
CISA Alert: Serious Vulnerabilities in Adobe ColdFusion (CVE-2023-44350, CVE-2023-44351, CVE-2023-44353 and More)
An alert has been released by CISA regarding several vulnerabilities affecting Adobe ColdFusion. The alert emphasizes that the vulnerabilities, if exploited, may give threat actors control over the affected systems. [...]
-
DarkGate and PikaBot Malware Resurrect QakBot’s Techniques in New Phishing Assaults Gallery
DarkGate and PikaBot Malware Resurrect QakBot’s Techniques in New Phishing Assaults
BOTNET, Compromised, Exploitation, Internet Security, malicious cyber actors, Malware, phishing, Security Advisory, Security Update
DarkGate and PikaBot Malware Resurrect QakBot’s Techniques in New Phishing Assaults
Phishing campaigns distributing malware families like DarkGate and PikaBot are employing tactics reminiscent of attacks associated with the now-defunct QakBot trojan. Cofense, in a report shared with The Hacker News, [...]
-
Six Steps to Safeguard Small Businesses Against Cyberattacks GallerySix Steps to Safeguard Small Businesses Against Cyberattacks
BOTNET, Compromised, cyberattack, Darknet, Data Breach, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Mobile Security, Security Advisory, Security Update
Six Steps to Safeguard Small Businesses Against Cyberattacks
Successful management of cyber risks in small businesses centers on adherence to workplace regulations and the attainment of robust security measures. Cyber security and data privacy protection concept with icon [...]
MySQL: Servers Targeted by DDoS-as-a-Service, Ddostf
Malicious cyber actors exploit MySQL servers through a botnet known as 'Ddostf,' utilizing it as a DDoS-as-a-Service platform available for lease by other cybercriminals. AhnLab's ASEC researchers identified the mentioned [...]
Zimbra Zero-Day Exploited to Hack Government Emails
Four distinct groups exploited a zero-day vulnerability in the Zimbra Collaboration email software in real-world attacks, aiming to illicitly acquire email data, user credentials, and authentication tokens. Zimbra Zero-Day Exploited [...]
Critical CVE-2023-34060 Vulnerability in VMware Cloud Director Appliance: CISA Advises Immediate Patching
VMware has just released an advisory (VMSA-2023-0026) addressing a critical authentication bypass vulnerability found in the VMware Cloud Director Appliance (VCD Appliance). Designated as CVE-2023-34060, this vulnerability presents a substantial [...]
Google Warns of Malicious Exploitation of Bard by Fraudster
Google Files Lawsuit Against Fraudsters Exploiting Bard's Genetics Artificial Intelligence Hype to Deceptively Distribute Malware. Today, a lawsuit was filed in California, asserting that individuals, seemingly based in Vietnam, are [...]
OracleIV DDoS Botnet Malware Targets Docker Engine API Instances
The OracleIV botnet malware employs various strategies, with a central emphasis on executing DDoS attacks through floods utilizing UDP and SSL protocols. OracleIV DDoS Botnet Malware Targets Docker Engine Cado [...]
Microsoft warns LinkedIn users of fake skills assessment portals
A sub-cluster of the notorious Lazarus Group has created deceptive infrastructure mimicking skills assessment portals for inclusion in its social engineering campaigns. Microsoft has linked the observed activity to a [...]
BiBi-Windows Wiper: Targets Windows in Pro-Hamas attacks
Cybersecurity researchers have issued a warning about a Windows variant of a malware called BiBi-Windows Wiper. This malware has been observed targeting Linux systems in cyber attacks specifically aimed at [...]
-
GootBot: New dangerous variant of GootLoader malware GalleryGootBot: New dangerous variant of GootLoader malware
BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
GootBot: New dangerous variant of GootLoader malware
The latest iteration of GootLoader malware, known as GootBot, enables lateral movement within compromised systems while successfully evading detection. As per IBM X-Force researchers, the inclusion of a custom bot [...]
New Variant of BlueNoroff Malware Targets Mac Users
"Researchers Discover BlueNoroff RustBucket Malware Variant Targeting MacOS" - A recent report from Jamf Threat Labs sheds light on the ongoing evolution of this attack and its potential targets. "RustBucket, [...]
SecuriDropper: New DaaS service installs malware on Android
A recently emerged business offering a "Dropper-as-a-Service" (DaaS) known as "SecuriDropper" bypasses Android's "Restricted Settings" function to install malware on devices and gain access to Accessibility Services. SecuriDropper "Restricted Settings" [...]
Mozi malware botnet: Disabled by mysterious kill-switch
The Mozi malware operation came to a sudden halt in August when an unidentified individual delivered a payload on September 27, 2023, triggering a kill-switch that effectively disabled all the [...]
Arid Viper target Android users with spyware
The hacking group known as Arid Viper (also identified as APT-C-23, Desert Falcon, or TAG-63) is purportedly responsible for a distribution campaign involving Android spyware. This spyware specifically targets Arabic-speaking [...]
-
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware Gallery
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
BOTNET, Data Breach, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update, Tips
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
Cybersecurity experts have discovered a fresh batch of malicious packages distributed through the NuGet package manager, employing a less conventional technique for deploying malware. The software supply chain security firm [...]
-
Lazarus hackers targeted a software vendor using known vulnerabilities GalleryLazarus hackers targeted a software vendor using known vulnerabilities
BOTNET, Compromised, cyberattack, Data Breach, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update, vulnerability
Lazarus hackers targeted a software vendor using known vulnerabilities
A recent cyber campaign attributed to the Lazarus hackers from North Korea appears to have focused on a specific vendor's software, which remains unidentified. It's reported that these hackers exploited [...]
-
Critical Vulnerability in F5 BIG-IP Configuration Utility Allows Request Smuggling, Leads to RCE: CVE-2023-46747 GalleryCritical Vulnerability in F5 BIG-IP Configuration Utility Allows Request Smuggling, Leads to RCE: CVE-2023-46747
BOTNET, Compromised, cyberattack, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Security Advisory, Security Update, vulnerability
Critical Vulnerability in F5 BIG-IP Configuration Utility Allows Request Smuggling, Leads to RCE: CVE-2023-46747
A critical vulnerability, known as CVE-2023-46747, has been uncovered in F5 BIG-IP products, allowing unauthenticated remote code execution. This vulnerability is rated at a high CVSS score of 9.8, prompting [...]
-
Safari Vulnerability Exposes Apple iPhones and Macs Powered by A and M-Series CPUs to Security Risks GallerySafari Vulnerability Exposes Apple iPhones and Macs Powered by A and M-Series CPUs to Security Risks
Apple, BOTNET, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update, vulnerability
Safari Vulnerability Exposes Apple iPhones and Macs Powered by A and M-Series CPUs to Security Risks
A team of researchers has developed an innovative side-channel attack called iLeakage, which takes advantage of a vulnerability in Apple's A- and M-series CPUs found in iOS, iPadOS, and macOS [...]
Backdoor planted on hacked Cisco IOS XE devices altered to evade detection
The backdoor infiltrated Cisco devices by exploiting two zero-day flaws in IOS XE software has been altered by the threat actor to evade detection through previous fingerprinting techniques. "Examination of [...]
-
iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation GalleryiOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Security Advisory, Security Update
iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
The TriangleDB implant, designed for infiltrating Apple iOS devices, incorporates four distinct modules: one for capturing audio from the device's microphone, another for extracting data from the iCloud Keychain, a [...]
SolarWinds: Serious RCE vulnerabilities discovered
Security researchers have uncovered three critical remote code execution (RCE) vulnerabilities within the SolarWinds Access Rights Manager (ARM) product. These vulnerabilities could potentially be exploited by remote attackers to run [...]
-
Zero-Day Vulnerabilities in Citrix NetScaler and WinRAR Are Under Active Exploitation (CVE-2023-4966, CVE-2023-38831) GalleryZero-Day Vulnerabilities in Citrix NetScaler and WinRAR Are Under Active Exploitation (CVE-2023-4966, CVE-2023-38831)
BOTNET, Compromised, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Security Advisory, Security Update, Tips, vulnerability
Zero-Day Vulnerabilities in Citrix NetScaler and WinRAR Are Under Active Exploitation (CVE-2023-4966, CVE-2023-38831)
Threat actors are currently exploiting critical vulnerabilities in Citrix NetScaler and WinRAR, posing a significant risk to a variety of targets, including government organizations. In a recent report, researchers exposed [...]
SpyNote: Android spyware records your calls
Security researchers conducted an analysis of the Android trojan called SpyNote, revealing numerous spyware capabilities associated with it. SpyNote: Android spyware F-Secure reports that the trojan in question is typically [...]
Fake browser updates are used to distribute malware
Cybercriminals are increasingly employing counterfeit browser updates that imitate genuine notifications from Google Chrome, Mozilla Firefox, and Microsoft Edge to distribute malware on victims' computers. Fake browser updates A recent [...]
-
User Submitted Posts: Vulnerability found in WordPress plugin GalleryUser Submitted Posts: Vulnerability found in WordPress plugin
BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Mobile Security, Security Advisory, Security Update, Software Issues
User Submitted Posts: Vulnerability found in WordPress plugin
His team at Patch Stack recently uncovered a fresh vulnerability in the WordPress plugin "User Submitted Posts," affecting versions from 20230902 onwards. With over 20,000 active installations, this popular plugin [...]
Microsoft: New bug bounty program for AI-powered Bing
Microsoft has unveiled a fresh bug bounty program that centers around enhancing the AI-powered Bing experience, offering researchers compensation of up to $15,000. Within the framework of this novel Bing [...]
-
‘Rapid Reset’ DDoS Attacks Rise: October 2023 Patch Tuesday Has Arrived (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) Gallery‘Rapid Reset’ DDoS Attacks Rise: October 2023 Patch Tuesday Has Arrived (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487)
BOTNET, Compromised, Data Breach, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Mobile Security, Security Advisory, Security Update, vulnerability
‘Rapid Reset’ DDoS Attacks Rise: October 2023 Patch Tuesday Has Arrived (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487)
In October 2023, Microsoft unveiled its latest Patch Tuesday, addressing a comprehensive 103 security vulnerabilities. Within this count, 12 have received a critical rating, while three zero-day vulnerabilities are currently [...]
Google Expands Bug Bounty Program With Chrome, Cloud CTF Events
Google's research team introduced the v8CTF, a capture-the-flag (CTF) challenge centered around the V8 JavaScript engine used in the Chrome browser. This initiative can be considered an extension of the [...]
Formbook is a highly prevalent malware strain
The September 2023 Global Threat Index from Check Point cybersecurity researchers has unveiled notable shifts in the cybersecurity threat landscape. Within the report, a prominent focus is placed on a [...]
The importance of email marketing for businesses
In the contemporary era dominated by technology and social media, email marketing continues to stand out as a highly effective promotional technique for businesses. Despite the growing prominence of social [...]
-
Exploits released for Linux flaw giving root on major distros GalleryExploits released for Linux flaw giving root on major distros
BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, Internet Security, IOC's, Linux Malware, malicious cyber actors, Malware, Security Advisory, Security Update, vulnerability
Exploits released for Linux flaw giving root on major distros
Online, proof-of-concept exploits have emerged for a critical vulnerability in GNU C Library's dynamic loader, granting local attackers root privileges on prominent Linux distributions. Exploits released for Linux flaw Named [...]
Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
Cisco has issued updates to rectify a critical security vulnerability affecting Emergency Responder, which permits unauthorized remote attackers to access vulnerable systems through the use of hardcoded credentials. Cisco Releases [...]
-
Increased number of victims reported to “leak sites” of ransomware gangs GalleryIncreased number of victims reported to “leak sites” of ransomware gangs
BOTNET, Compromised, cyberattack, Data Breach, Evilproxy, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Security Advisory, Security Update
Increased number of victims reported to “leak sites” of ransomware gangs
According to the "2023 State of the Threat" report by Her Secureworks, the number of victims reported on ransomware leak sites by criminal gangs reached exceptionally high levels from March [...]
EvilProxy: Phishing Microsoft 365 via indeed.com open redirect
A recent phishing campaign dubbed "EvilProxy" has come to light, with its sights set on the Microsoft 365 accounts of top-level executives within US-based organizations. This campaign takes advantage of [...]
-
Lazarus hackers breach aerospace company with new LightlessCan malware GalleryLazarus hackers breach aerospace company with new LightlessCan malware
BOTNET, Compromised, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Mobile Security, Security Advisory, Security Update
Lazarus hackers breach aerospace company with new LightlessCan malware
The Lazarus hacking group, associated with North Korea, launched a cyberattack on a Spanish aerospace company by enticing its employees with bogus job offers, eventually infiltrating the corporate network through [...]
Cisco: Prompts administrators to patch an IOS zero-day
On Wednesday, Cisco issued a warning to its customers, urging them to address a zero-day vulnerability in IOS and IOS XE systems, which can be exploited by malicious users. Cisco: [...]
Zanubis: The Android banking trojan gets even more dangerous
The Android banking Trojan Zanubis has adopted a new disguise, posing as the official application of the Peruvian government organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria), thereby [...]
Hackers are actively exploiting an Openfire flaw
Malicious actors are actively taking advantage of a critical vulnerability in Openfire messaging servers, using it to encrypt server data with ransomware and deploy cryptocurrency miners. Cybercriminals are currently exploiting [...]
Researchers uncover a thriving underground economy for malware targeting IoT devices
Researchers have exposed a robust clandestine ecosystem focused on crafting malware for IoT device exploitation. Researchers at Kaspersky have detected a flourishing underground marketplace on the dark web, featuring zero-day [...]
ZenRAT Malware Uncovered in Bitwarden Impersonation
A recently discovered malware variant named ZenRAT has surfaced, camouflaged within fraudulent Bitwarden installation bundles. ZenRAT Malware Proofpoint has uncovered ZenRAT, a modular remote access trojan (RAT) that specifically targets [...]
-
Xenomorph Android malware: Targets users of banks and crypto wallets in the US GalleryXenomorph Android malware: Targets users of banks and crypto wallets in the US
BOTNET, Evilproxy, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update, Tips
Xenomorph Android malware: Targets users of banks and crypto wallets in the US
Researchers have uncovered a new distribution campaign for the Xenomorph malware, focusing on Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. The cybersecurity firm's analysts at [...]
-
Stealth Falcon hackers are using the new Deadglyph malware GalleryStealth Falcon hackers are using the new Deadglyph malware
Backdoor, BOTNET, Compromised, Darknet, Evilproxy, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
Stealth Falcon hackers are using the new Deadglyph malware
A recently discovered backdoor malware, known as "Deadglyph," has been detected in a cyberattack targeting a government agency in the Middle East. This malicious software has been linked to the [...]
The Rise of Mobile Malware
Mobile malware, as its name implies, is specialized malicious software crafted specifically to infiltrate mobile devices such as smartphones and tablets, with the intent of compromising sensitive user data. The [...]
Fake WinRAR proof-of-concept exploit drops VenomRAT malware
An imitation proof-of-concept (PoC) exploit targeting a WinRAR RCE vulnerability that was recently patched has been discovered on GitHub, with the intention of spreading the VenomRAT malware to unsuspecting users. [...]
-
Mastodon Vulnerabilities and Critical Zero-Day in TrendMicro’s Apex One Addressed: CVE-2023-41179, CVE-2023-42451, CVE-2023-42452 GalleryMastodon Vulnerabilities and Critical Zero-Day in TrendMicro’s Apex One Addressed: CVE-2023-41179, CVE-2023-42451, CVE-2023-42452
Internet Security, malicious cyber actors, Security Advisory, Security Update, Tips, vulnerability, Zero Day Attack
Mastodon Vulnerabilities and Critical Zero-Day in TrendMicro’s Apex One Addressed: CVE-2023-41179, CVE-2023-42451, CVE-2023-42452
Mastodon has taken action to resolve two vulnerabilities, specifically CVE-2023-42451 and CVE-2023-42452. Additionally, a zero-day vulnerability, denoted as CVE-2023-41179, has been swiftly addressed in TrendMicro’s Endpoint Security product, Apex One. [...]
Nest devices can now only join one speaker group at a time
Google has confirmed that due to a recent court ruling, it is currently not possible to simultaneously use your Nest devices in multiple rooms. In a forum post, a Nest [...]
Within the Code of a Fresh XWorm Variant
XWorm is a recent addition to the remote access trojan family, quickly establishing itself as one of the most enduring global threats. Since its initial detection by researchers in 2022, [...]
The new Android banking trojan is based on ERMAC
A recent analysis of the Android banking trojan Hook has uncovered its foundation in its predecessor, ERMAC. Hook : New Android banking trojan In January 2023, ThreatFabric initially identified Hook, [...]
Uncommon AWS Services Targeted by New AMBERSQUID Cryptojacking Operation
An innovative cloud-native cryptojacking campaign has targeted lesser-known Amazon Web Services (AWS) offerings like AWS Amplify, AWS Fargate, and Amazon SageMaker, with the intent of clandestinely mining cryptocurrency. New AMBERSQUID [...]
LockBit Attack Fails, 3AM Ransomware Steps In as Plan B
Researchers have recently uncovered a novel ransomware variant known as 3AM. Their inquiry unveiled that the initial documented instance of this ransomware emerged when malicious actors replaced it with LockBit [...]
-
Free Download Manager site has been redirecting Linux users to malware for years ChatGPT GalleryFree Download Manager site has been redirecting Linux users to malware for years ChatGPT
Compromised, Exploitation, Internet Security, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update
Free Download Manager site has been redirecting Linux users to malware for years ChatGPT
The Free Download Manager website has been consistently redirecting Linux users to malware-infected destinations over an extended period! An incident report highlights an attack on the Free Download Manager supply [...]
Notepad++ 8.5.7 addresses critical security vulnerabilities
"The latest release, Notepad++ version 8.5.7, includes security updates to address several buffer overflow vulnerabilities identified in the previous version." Notepad++ Notepad++ is a widely-used, free source code editor with [...]
-
A Modular Malware Loader, HijackLoader, Gaining Prominence in the World of Cybercrime GalleryA Modular Malware Loader, HijackLoader, Gaining Prominence in the World of Cybercrime
BOTNET, Compromised, cyberattack, Exploitation, Internet Security, malicious cyber actors, Malware, Security Advisory, Security Update
A Modular Malware Loader, HijackLoader, Gaining Prominence in the World of Cybercrime
"HijackLoader, a recently emerged malware loader, is rapidly gaining popularity within the cybercriminal community for distributing a range of payloads, which include DanaBot, SystemBC, and RedLine Stealer." More about HijackLoader [...]
How to make sure you don’t lose important emails in Gmail
Secure Entry in Gmail is a crucial mode that enables users to safeguard against missing essential emails. This feature empowers users to designate specific email addresses and domains within Gmail, [...]
Akira Ransomware Attacks Exploit Zero-Day Cisco ASA Vulnerability
In recent updates, there have been emerging reports about threat actors associated with the Akira ransomware focusing their attention on Cisco VPNs that do not employ multi-factor authentication (MFA). This [...]
-
Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware Gallery
Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware
BOTNET, Evilproxy, Exploitation, infostealer, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware
A fresh malvertising campaign has come to light, disseminating an updated variant of macOS stealer malware known as Atomic Stealer (AMOS). This discovery suggests active maintenance by its author. Atomic [...]
Mirai botnet: New version financially infects Android TV boxes
A recently updated variant of the Mirai botnet malware is now targeting Android TV set-top boxes, which are widely utilized by millions of users for streaming, with a particular emphasis [...]
-
A new Python variant of the Chaes Malware is focusing on the banking and logistics sectors. GalleryA new Python variant of the Chaes Malware is focusing on the banking and logistics sectors.
BOTNET, Compromised, Data Breach, Exploitation, malicious cyber actors, Mobile Security, Security Advisory, Security Update
A new Python variant of the Chaes Malware is focusing on the banking and logistics sectors.
The banking and logistics sectors are currently facing an assault from an updated version of malware known as Chaes. Chaes Malware In early 2022, Avast conducted an analysis that unveiled [...]
Zero-Day Alert: Latest Android Patch Update Addresses Actively Exploited Vulnerability with New Fix
Google has released its monthly security patches for Android to tackle various vulnerabilities, one of which is a zero-day bug that may have been exploited in real-world scenarios. Latest Android [...]
Recent BLISTER Malware Update Boosting Stealthy Network Intrusion
"In the ongoing SocGholish infection chains, a revised BLISTER malware loader is now deployed to distribute Mythic, an open-source command-and-control (C2) framework. Elastic Security Labs researchers Salim Bitam and Daniel [...]
VIPRE research on spam and phishing emails
Based on a report from VIPRE, the use of malicious links in phishing emails reached 85%, and there was a 30% increase in spam emails from the first quarter to [...]
-
Reported ransomware attacks have targeted LogicMonitor customers, leading to security breaches GalleryReported ransomware attacks have targeted LogicMonitor customers, leading to security breaches
BOTNET, Compromised, Evilproxy, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update
Reported ransomware attacks have targeted LogicMonitor customers, leading to security breaches
Today, LogicMonitor, a network monitoring company, confirmed that certain users of its SaaS platform have been impacted by cyberattacks. Ransomware attacks have targeted LogicMonitor customers While LogicMonitor has yet to [...]
Chinese APT Uses Fake Messenger Apps to Spy on Android Users
In the coming years, Signal's applications became compromised, while Telegram, containing the BadBazaar spyware, was uploaded to Google Play and Samsung Galaxy Store by the Chinese hacking group known as [...]
DarkGate malware activity is increasing
A recently detected malspam campaign has been identified as distributing a readily available malware known as DarkGate. DarkGate malware "In a report published last week, Telekom Security stated that the [...]
-
The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy. GalleryThe emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.
Compromised, Evilproxy, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Tips
The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.
Dubbed "Ransomed," this group was initially identified by cybersecurity analyst and blogger Flashpoint on August 15th. The group has established a dedicated Telegram channel and is also showcasing a prominent [...]
-
A Single-Click Security Vulnerability Found in Zimbra Collaboration Suite: CVE-2023-41106 GalleryA Single-Click Security Vulnerability Found in Zimbra Collaboration Suite: CVE-2023-41106
Compromised, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Security Advisory, Security Update, vulnerability
A Single-Click Security Vulnerability Found in Zimbra Collaboration Suite: CVE-2023-41106
Within the realm of digital communication and collaboration, the Zimbra Collaboration Suite has long stood as a dependable companion. Nevertheless, a cloud of doubt has been cast upon its security [...]
ALPHV ransomware: New data leak API as a new extortion strategy
The ALPHV ransomware group, known as BlackCat, aims to intensify ransom payment pressure on victims by offering an API for their leak site, thereby amplifying the exposure of their attacks. [...]
NEW STUDY SHEDS LIGHT ON ADHUBLLKA RANSOMWARE NETWORK
Cybersecurity analysts have revealed an intricate network of interconnected ransomware variants, all of which can be traced back to a shared origin: the Adhubllka ransomware family. Researchers found a fresh [...]
-
Roblox Game Developers Facing Threat from Over a Dozen Malicious npm Packages GalleryRoblox Game Developers Facing Threat from Over a Dozen Malicious npm Packages
Compromised, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Roblox Game Developers Facing Threat from Over a Dozen Malicious npm Packages
Since the beginning of August 2023, over twelve malicious packages have been found in the npm package repository. These packages have the ability to install an open-source information stealer named [...]
Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset
"Cybersecurity experts at ESET reveal the discovery of a malevolent toolkit called Spacecolon, which has been utilized to propagate various strains of the Scarab ransomware across numerous victim organizations worldwide." [...]
New variant of XLoader macOS Malware masquerading as OfficeNote app
A fresh iteration of the XLoader malware targeting macOS disguises itself under the name 'OfficeNote' productivity application. XLoader macOS Emerging onto the scene in 2020, XLoader inherits its legacy from [...]
Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware
The Bronze Starlight hacking group has ingeniously employed a legitimate Ivacy VPN code-signing certificate to focus on the Southeast Asian gambling sector. Employing a legitimate certificate offers a significant advantage [...]
Hackers Can Exploit New WinRAR Vulnerability to Gain PC Control
A security vulnerability of significant severity has been revealed in the WinRAR utility, posing a potential risk for threat actors to execute remote code on Windows systems. Logged under CVE-2023-40477 [...]
BlackCat’s Sphynx ransomware integrates Impacket, RemCom
A new iteration of the BlackCat ransomware was recently unveiled by Microsoft's researchers. Termed 'Sphynx', this variant incorporates the Impacket networking framework and the Remcom hacking tool. These additions empower [...]
-
Researchers Detect Vulnerabilities in PowerShell Gallery Enabling Supply Chain Attacks Gallery
Researchers Detect Vulnerabilities in PowerShell Gallery Enabling Supply Chain Attacks
Backdoor, BOTNET, Compromised, cyberattack, Darknet, Data Breach, Evilproxy, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Software Issues, Tips
Researchers Detect Vulnerabilities in PowerShell Gallery Enabling Supply Chain Attacks
Malicious actors could exploit existing vulnerabilities within the PowerShell Gallery to execute supply chain attacks targeting users of the registry. "Aqua security researchers, including Mor Weinberger, Yakir Kadkoda, and Ilay [...]
-
Ivanti Avalanche Critical Buffer Overflow Vulnerabilities: CVE-2023-32560 GalleryIvanti Avalanche Critical Buffer Overflow Vulnerabilities: CVE-2023-32560
Compromised, cyberattack, Data Breach, Exploitation, Internet Security, IOC's, malicious cyber actors, Mobile Security, Security Advisory, Security Update, vulnerability
Ivanti Avalanche Critical Buffer Overflow Vulnerabilities: CVE-2023-32560
Two significant security flaws, designated as CVE-2023-32560, have been unearthed in Ivanti Avalanche. This enterprise mobility management (EMM) solution is tasked with the management, monitoring, and security of diverse mobile [...]
MaginotDNS: DNS cache poisoning attacks
Researchers from UC Irvine and Tsinghua University have created a potent cache poisoning attack named "MaginotDNS." This attack focuses on Conditional DNS (CDNS) resolvers and has the potential to compromise [...]
Gafgyt: Exploits five year old flaw in EoL Zyxel
Fortinet has raised an alert regarding the Gafgyt botnet malware, which is currently targeting a vulnerability in the Zyxel EoL router. This vulnerability occurs during the router's final phase and [...]
Lapsus$: How They Hacked Some of the Biggest Targets
The amateur hacker group Lapsus$—mostly teenagers with limited technical training—has skillfully breached major targets like Microsoft, Okta, Nvidia, and Globant. The government is studying their methods to enhance cybersecurity. The [...]
Microsoft Patch Tuesday August: Warns of 2 zero-days
Microsoft introduces the August 2023 Patch Tuesday update, encompassing 87 security enhancements addressing 23 vulnerabilities. Among these are two vulnerabilities currently under active exploitation. The update also tackles twenty-three instances [...]
-
Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware GallerySuspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware
Compromised, cyberattack, Darknet, Data Breach, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Ransomware, Security Advisory, Security Update
Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware
Since June 4, 2023, an unidentified threat actor has been employing a Yashma ransomware variant to target entities in English-speaking countries, Bulgaria, China, and Vietnam. Experts from Cisco Talos said [...]
-
QakBot Malware Operators Ramp Up C2 Network with 15 New Servers GalleryQakBot Malware Operators Ramp Up C2 Network with 15 New Servers
Backdoor, BOTNET, Compromised, cyberattack, Data Breach, Evilproxy, Exploitation, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update, Software Issues, Targeted Attacks, Tips
QakBot Malware Operators Ramp Up C2 Network with 15 New Servers
As of late June 2023, the QakBot (aka QBot) malware operators have established 15 new command-and-control (C2) servers. The findings come as a follow-up to Team Cymru's previous malware infrastructure [...]
-
“Critical Remote Code Execution (RCE) Vulnerability (CVE-2023-39143) in PaperCut Application Servers” Gallery“Critical Remote Code Execution (RCE) Vulnerability (CVE-2023-39143) in PaperCut Application Servers”
BOTNET, Compromised, cyberattack, Darknet, Data Breach, Evilproxy, Exploitation, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update, Tips, vulnerability
“Critical Remote Code Execution (RCE) Vulnerability (CVE-2023-39143) in PaperCut Application Servers”
PaperCut NG and PaperCut MF are widely adopted software solutions for managing print services on servers. CVE-2023-39143 is a path traversal vulnerability in PaperCut NG and PaperCut MF versions before [...]
-
Critical Microsoft Power Platform Vulnerability: Proactive Security Methods to Prevent Exploitation GalleryCritical Microsoft Power Platform Vulnerability: Proactive Security Methods to Prevent Exploitation
Compromised, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Microsoft, Mobile Security, Security Advisory, Security Update
Critical Microsoft Power Platform Vulnerability: Proactive Security Methods to Prevent Exploitation
Microsoft addressed a critical vulnerability in its Power Platform after criticism for a delayed response. Tenable reported the vulnerability on March 30, 2023, and an official fix was issued in [...]
Fake VMware vConnector package detected in PyPI
IT professionals were targeted by a malicious package named "VMConnect," which impersonated the VMware vSphere connector module "vConnector" and was uploaded to the Python Package Index (PyPI). Fake VMware vConnector [...]
-
Malicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners. GalleryMalicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners.
BOTNET, Compromised, Data Breach, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Malicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners.
Threat actors use versioning to bypass Google Play Store's malware detection and target Android users. In its August 2023 Threat Horizons Report shared with The Hacker News, Google Cybersecurity Action [...]
-
NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets Gallery
NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets
Compromised, Evilproxy, Internet Security, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update, Tips
NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets
Palo Alto Networks Unit 42 found a new phishing campaign distributing a Python variant of NodeStealer. The code aims to seize Facebook business accounts and steal cryptocurrency funds. The threat [...]
A new attack significantly affects AI chatbots
The Chat GPT and other AI models have undergone numerous modifications to prevent malicious users from exploiting them to generate spam, hate speech, sharing personal information, or providing instructions for [...]
-
Fruity Trojan: Uses deceptive software installers to spread the Remcos RAT GalleryFruity Trojan: Uses deceptive software installers to spread the Remcos RAT
Backdoor, BOTNET, Compromised, Data Breach, Exploitation, infostealer, Internet Security, Malware, Mobile Security, Security Advisory, Security Update
Fruity Trojan: Uses deceptive software installers to spread the Remcos RAT
Cybercriminals are fabricating counterfeit websites containing software installers that have been infected with a downloader malware named Fruity. Their objective is to deceive unsuspecting users into unwittingly downloading this trojan, [...]
Flipper Zero: Now has an app store for third-party applications
The Flipper Zero team recently introduced "Flipper Apps," its very own mobile app store. This new store enables mobile users to easily install 3rd party applications, expanding the capabilities of [...]
WordPress Ninja Forms: Flaw in plugin allows data theft
The renowned WordPress form plugin, Ninja Forms, has been identified to have three vulnerabilities that might grant unauthorized privileges to malicious users and enable them to extract personal data. On [...]
-
Lazarus: They hijack Microsoft’s IIS servers to distribute malware GalleryLazarus: They hijack Microsoft’s IIS servers to distribute malware
Backdoor, BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, hackers, infostealer, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, windows
Lazarus: They hijack Microsoft’s IIS servers to distribute malware
Lazarus, a state-backed North Korean hacker group, targets Windows Internet Information Service (IIS) web servers to use them as a platform for distributing malware. IIS serves as Microsoft's web server [...]
Azimut: Italian Asset Manager victim of ransomware attack
Azimuth Group, an Italian asset management company, oversees a substantial portfolio of over $87.2 billion in assets. It has recently made a strong statement, affirming that it will not yield [...]
Microsoft: Stolen key gave access to cloud services
Wiz security researchers have revealed that Chinese hackers, known as Storm-0558, successfully stole Microsoft's consumer signing key. With this key, the hackers gained access to breached accounts on Exchange Online [...]
Estée Lauder: Hacked by two ransomware gangs
Estee Lauder has recently experienced a significant ransomware breach, joining the list of prominent companies targeted by attackers. Two groups have claimed responsibility for compromising the firm's security. The Estée [...]
Mallox ransomware exploits weak MS-SQL servers to breach networks
New findings from Palo Alto Networks Unit 42 reveal that in 2023, Mallox ransomware activities have surged by an alarming 174% compared to the previous year. Mallox ransomware According to [...]
BundleBot malware steals sensitive information
The cybersecurity landscape has been recently shaken by the emergence of BundleBot, a sophisticated malware strain that leverages advanced . NET file development techniques to facilitate the unauthorized extraction of [...]
Adobe: Urgent patch fixes ColdFusion zero-day
Adobe has addressed three vulnerabilities in ColdFusion, including a zero-day vulnerability. Adobe fixed three vulnerabilities in ColdFusion, their web application development platform. One of these vulnerabilities was a zero-day, and [...]
-
“Blackhat AI Module ‘WormGPT’ Attracts 5,000 Subscribers in a Few Days” Gallery
“Blackhat AI Module ‘WormGPT’ Attracts 5,000 Subscribers in a Few Days”
BOTNET, Compromised, cyberattack, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Security Advisory, Security Update
“Blackhat AI Module ‘WormGPT’ Attracts 5,000 Subscribers in a Few Days”
Artificial Intelligence (AI) has introduced revolutionary advances, including generative AI, which shows great potential for creative use. However, the emergence of tools like WormGPT has raised concerns about its implications. [...]
-
Turla: Targets Exchange servers with new DeliveryCheck backdoor malware GalleryTurla: Targets Exchange servers with new DeliveryCheck backdoor malware
BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
Turla: Targets Exchange servers with new DeliveryCheck backdoor malware
Microsoft and the Ukrainian CERT issued a warning about Russian state hacking group Turla launching new attacks. The targets include the defense industry and Microsoft Exchange servers, exploiting a new [...]
-
Critical and High Vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) GalleryCritical and High Vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)
BOTNET, Compromised, Data Breach, Evilproxy, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update
Critical and High Vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)
Citrix ADC and Citrix Gateway, renowned for their role in facilitating secure application delivery and remote access solutions, have unfortunately been discovered to possess critical vulnerabilities. These vulnerabilities present substantial [...]
-
AVrecon malware infects 70.000 Linux routers to create botnet GalleryAVrecon malware infects 70.000 Linux routers to create botnet
BOTNET, Compromised, Data Breach, Evilproxy, Exploitation, Internet Security, Linux Malware, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
AVrecon malware infects 70.000 Linux routers to create botnet
AVrecon malware infects 70,000 Linux routers, forming a botnet for bandwidth theft and a hidden residential proxy service. AVrecon malware Recently, a Linux-based Remote Access Trojan (RAT) was brought to [...]
Gamaredon hackers steal data in less than an hour after the breach
The Computer Emergency Response Team (CERT-UA) of Ukraine has issued a warning regarding the rapid actions of the hackers known as Gamaredon. They possess the ability to swiftly pilfer data [...]
-
Zimbra to admins: Manually patch this zero-day vulnerability GalleryZimbra to admins: Manually patch this zero-day vulnerability
Backdoor, BOTNET, Compromised, cyberattack, Data Breach, Evilproxy, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Tips
Zimbra to admins: Manually patch this zero-day vulnerability
Zimbra Collaboration Suite (ZCS) has issued an urgent advisory, urging administrators to apply a manual patch for a zero-day vulnerability. This vulnerability is actively exploited by attackers to target and [...]
-
Fake PoC for a Linux Kernel vulnerability on GitHub contains malware Gallery
Fake PoC for a Linux Kernel vulnerability on GitHub contains malware
Backdoor, BOTNET, Compromised, cyberattack, Data Breach, Exploitation, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Fake PoC for a Linux Kernel vulnerability on GitHub contains malware
A fake PoC about a Linux kernel vulnerability on GitHub exposed researchers to malware. A backdoor with a "sly" persistence method has been found in a proof-of-concept (PoC) on GitHub, [...]
-
Triada Malware: Infects Android devices via fake Telegram app GalleryTriada Malware: Infects Android devices via fake Telegram app
Backdoor, BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
Triada Malware: Infects Android devices via fake Telegram app
The Triada malware infiltrates Android devices through a counterfeit Telegram app. Thankfully, the version of Telegram infected with the Triada malware is disseminated exclusively through third-party stores, rather than the [...]
-
Critical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics GalleryCritical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics
BOTNET, Compromised, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Malware, Security Advisory, Security Update, vulnerability
Critical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics
SonicWall has issued an urgent warning to its customers, urging them to promptly patch several critical vulnerabilities that are affecting the company's Global Management System (GMS) firewall management and Analytics [...]
Microsoft’s July 2023 Patch Tuesday Fixes Five Zero-Days, Nine Critical Vulnerabilities
Today, Microsoft Corp. released software updates to address a total of 130 security vulnerabilities in its Windows operating systems and related software. These updates include fixes for at least five [...]
Critical RCE Vulnerability in ShareFile: PoC Exploit Available
Recently, a critical vulnerability was discovered in ShareFile, a cloud-based file sharing application. This vulnerability, identified as CVE-2023-24489, enables unauthenticated individuals to perform arbitrary file uploads and execute remote code [...]
-
MOVEit Transfer customers are being warned to fix a new, critical flaw GalleryMOVEit Transfer customers are being warned to fix a new, critical flaw
Backdoor, Banking Trojan, cyberattack, Evilproxy, Exploitation, hackers, Internet Security, IOC's, Linux Malware, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Software Issues
MOVEit Transfer customers are being warned to fix a new, critical flaw
Progress is notifying customers about a newly discovered critical SQL injection vulnerability, identified as CVE-2023-36934, in its MOVEit Transfer software. MOVEit Transfer The software at the center of the recent [...]
Rekoobe Malware: Targets vulnerable Linux servers
Rekoobe, a backdoor malware, specifically targets vulnerable Linux servers commonly utilized by the Chinese APT31. Rekoobe Malware Since 2015, Rekoobe has remained active, and in 2018, updated versions of the [...]
Microsoft Teams: The TeamsPhisher tool exploits its bug
The "TeamsPhisher" cybersecurity tool provides a means for both pen testers and malicious actors to send harmful files directly to a Teams user via an external account or tenant Attackers [...]
New StackRot Linux kernel flaw allows privilege escalation
Recent reports have brought to light crucial technical details regarding a critical vulnerability impacting various versions of the Linux kernel. This vulnerability, known as "StackRot" (CVE-2023-3269), can be triggered with [...]
DDoSia Attack Tool Upgraded with Encryption, Concealed Targeting
A new version of the DDoSia attack tool has been released by the threat actors, featuring an updated mechanism for obtaining the list of targets. This enhancement enables the tool [...]
WordPress plugin gives hackers admin access to your site
A vulnerability found in the Ultimate Member plugin has the potential to exploit thousands of WordPress sites, putting them at risk. However, implementing a quick fix can prevent your site [...]
BlackCat Ransomware Gang to Launch Malicious WinSCP Ads
The BlackCat ransomware group launched a malvertising campaign to push Cobalt Strike. They put up advertisements to attract people to fake WinSCP pages. Instead of the application, the victims download [...]
Modified Telegram app with malware that puts your data at risk found
Cybersecurity researchers recently uncovered a concerning discovery regarding a modified iteration of the widely-used messaging application, Telegram, specifically designed for Android devices. This modified version has been identified as malicious, [...]
New Malware by Lazarus-Backed Andariel Group Exploits Log4j
Last year, the North Korean hacking group Andariel utilized a previously undisclosed malware named EarlyRat to carry out attacks exploiting the Log4j Log4Shell vulnerability. Lazarus-Backed Andariel Group Exploits Log4j During [...]
-
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data GalleryNewly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
BOTNET, Compromised, Data Breach, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
Security researchers have recently discovered ThirdEye, an information stealer designed for Windows operating systems. This stealthy malware is capable of collecting sensitive data from computers that have been infected. ThirdEye [...]
Android malware Fluhorse targets credit cards
Cybersecurity experts have recently disclosed the intricate workings of Fluhorse, an Android malware family. The malware "represents a significant change, as it embeds malicious components directly into Flutter's code," Fortinet [...]
Akira ransomware: Linux version targets VMware ESXi servers
Akira, a ransomware operation, has recently shifted its focus from Windows systems to VMware ESXi virtual machines, utilizing a Linux encryptor to carry out the encryption process. The double extortion [...]
Arcserve: Fixed critical vulnerability in UDP software
Arcserve has recently launched a security update to resolve a severe authentication bypass vulnerability known as CVE-2023-26258, in their ArcServe UDP Backup software. Arcserve UDP Arcserve UDP is a data [...]
Windows malware spreads through infected Super Mario game
A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been discovered, posing a serious risk to unwary players. This modified version of the game [...]
Vulnerabilities Identified and Patched in BIND 9 DNS Software
The BIND 9 DNS software suite, an integral part of the Domain Name System (DNS), has recently received updates to neutralize three high-priority vulnerabilities. This could potentially induce significant service interruptions. The [...]
-
Powerful JavaScript Dropper PindOS distributes Bumblebee and IcedID malware GalleryPowerful JavaScript Dropper PindOS distributes Bumblebee and IcedID malware
Backdoor, BOTNET, Compromised, cyberattack, Darknet, Data Breach, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Powerful JavaScript Dropper PindOS distributes Bumblebee and IcedID malware
A new strain of the JavaScript dropper has been observed delivering next-stage payloads such as Bumblebee and IcedID. Both Bumblebee and IcedID serve as loaders, acting as vectors for other [...]
The IDOR Vulnerability in Microsoft Teams
Cybersecurity researchers have recently informed that a vulnerability in the latest version of Microsoft Teams allows attackers to inject malware into any organization's network. All about the Vulnerability External Tenants in Microsoft [...]
Chinese APT15 hackers use new Graphican backdoor
The Chinese hackers which are tracked as APT15 are involved in a new campaign that uses a backdoor with the name "Graphican". The campaign was active from late 2022 to early 2023. Graphican backdoor The team [...]
Android malware GravityRAT steals your WhatsApp backups
ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT GravityRAT is a remote access tool known to be [...]
Infostealer malware has stolen 101.000 ChatGPT accounts
More than 101.000 ChatGPT user accounts have been stolen by infostealer malware over the past year, according to data from the dark web market. Infostealer malware Infostealer malware has led [...]
SeroXen Malware Latest to Deploy BatCloak Evasion Tool
Security researchers warn that malware developers are adopting a handy obfuscation tool to get malware past antiviruses. SeroXen Malware Latest SeroXen is a fileless Remote Access Trojan (RAT) that excels [...]
The rise of phishing scams and how to avoid them.
Cybersecurity scams continue to be on the rise. As scammers get smarter, it’s important to stay up to date on the latest trends. One of the best things you can [...]
Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)
Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered [...]
-
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions GalleryNew Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
Backdoor, BOTNET, Compromised, cyberattack, Data Breach, Evilproxy, Exploitation, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
A new stealer malware is on the rise, designed to obtain user credentials to help attackers penetrate specific environments and obtain other information of financial value. This spyware also targets Steam, [...]
What Is the Principle of Least Privilege (POLP)?
The principle of least privilege (POLP), also named the “principle of least authority” (POLA) or “the principle of minimal privilege” (POMP), stands for a cybersecurity best practice based upon granting [...]
New Diicot group targets SSH servers with brute-force malware
Diicot shares its new name with the Romanian anti-terrorist police unit and uses the same style of messaging and imagery. Diicot Threat Agent Diicot, previously known as Mexals, is a [...]
Fake zero-day PoC exploits on GitHub spread Windows and Linux malware
Researchers detected fake company accounts on GitHub linked to a deceitful cybersecurity company. These accounts are promoting harmful repositories on the code hosting service. These malicious exploits are promoted by purported [...]
Gamaredon: Uses PowerShell USB malware to drop backdoors
Russia-linked state-sponsored cyber-espionage group Gamaredon (Armageddon, UAC-0010) continues its relentless attacks against government entities, and organizations in Ukraine's military and security intelligence sectors, using updated malware tools, according to a [...]
New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs
A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. What is Skuld Malware ? The Purpose of Skuld malware tried to steal sensitive [...]
Hackers use BatCloak to make their malware completely undetectable
A fully undetectable (FUD) malware obfuscation engine called BatCloak has been used to deploy various malwastrains since September 2022, persistently evading detection by antiviruses. BatCloak Researchers at Trend Micro describe [...]
Fortinet Patches Critical FortiGate SSL VPN Vulnerability
Fortinet has patched a critical flaw in its Fortigate devices, with admins urged to apply firmware updates as a matter of urgency. The flaw is a critical pre-authentication remote code [...]
Google Switches Email Authentication Method Following Exploitation by Scammers
Gmail is tightening its implementation of an email security protocol after a researcher discovered a flaw allowing brands to be impersonated. Gmail’s system uses Brand Indicators for Message Identification (BIMI) as well [...]
Cisco Addresses High-Severity Bug in Secure Client Software
Cisco has recently fixed a high-severity vulnerability found in its Cisco Secure Client (previously known as AnyConnect Secure Mobility Client) software. This issue could have allowed attackers to escalate their [...]
New PowerDrop Malware Targets U.S. Aerospace Industry
A new PowerShell malware script, named “PowerDrop”, has been discovered to be used in attacks targeting the US aerospace defense industry. Researchers have determined that the malware consists of a novel combination [...]
New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency
A recent malware campaign has been discovered that exploits the Satacom downloader as a means to deploy discreet malware capable of stealing cryptocurrency by using a deceptive extension for Chromium-based [...]
Cyclops Ransomware group offers a multiplatform Info Stealer
The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. The Cyclops group actively promotes their offerings on hacker forums and seeks a share of the profits [...]
-
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors GalleryAlarming Surge in TrueBot Activity Revealed with New Delivery Vectors
BOTNET, Compromised, Data Breach, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
TrueBot downloader trojan botnet activity has increased significantly in the past month, researchers say. What is TrueBot? Truebot is a downloader malware. As such, its main goal is to infect systems, [...]
Google fixes new zero-day vulnerability in Chrome browser
Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. The Flashpoint Intel Team quickly published an alert to VulnDB customers and have been closely tracking the vulnerability since.Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. [...]
WordPress: Automatic update to fix vulnerability in Jetpack plugin
The popular and one of the most-used WordPress plugins, Jetpack recently addressed a critical security issue. Despite no active exploitation, WordPress force installed Jetpack plugin updates to websites to patch [...]
Gigabyte Firmware Code Injection: Persistent Backdoor Leads to Supply Chain Risks
Cybersecurity firm Eclypsium has uncovered a potential backdoor in Gigabyte systems, raising concerns about the security of the technology supply chain. Gigabyte Firmware Code Injection Researchers from Eclypsium have discovered this vulnerable [...]
Attackers Exploit Critical Zero-Day Vulnerability in MOVEit Transfer
A critical vulnerability in Progress Software's MoveIt Transfer is under exploitation, according to a report from Rapid7. The zero-day vulnerability, which Progress disclosed Wednesday, is a SQL injection flaw that could [...]
CVE-2023-33733: RCE Vulnerability in ReportLab Python Library
A technical write-up for a ReportLab vulnerability are now available. The vulnerability tracked as CVE-2023-33733. Recently, during an audit of a web application, the application was found to employ the ReportLab Python library [...]
LEVERAGING CHATGPT TO STRENGTHEN YOUR CYBERSECURITY
ChatGPT (generative pre-trained transformer) is an AI-powered chatbot created by Open AI and designed to produce human-like text and interact with users in a conversational way. While ChatGPT is technically a [...]
Android trojan “DogeRAT” targets Indian users, stealing personal and financial information
An open-source Android virus known as DogeRAT (Remote Access Trojan) has been discovered by CloudSEK, an AI cybersecurity company. The malware is distributed via social media and messaging platforms masquerading as legitimate apps, such [...]
Android apps with SpinOk spyware module installed over 421,000K times
A new Android malware – SpinOk – distributed as an advertisement SDK has been discovered in several apps – many of which were previously listed on Google Play and have [...]
Critical Vulnerabilities in D-Link Products
D-Link has fixed two critical vulnerabilities in the D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code. D Link is a popular brand [...]
-
Zyxel firewalls are affected by two security flaws GalleryZyxel firewalls are affected by two security flaws
BOTNET, Compromised, cyberattack, Evilproxy, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Software Issues, Targeted Attacks, Tips, Zero Day Attack
Zyxel firewalls are affected by two security flaws
Zyxell has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on [...]
-
Google’s New ZIP Domain Could Be Used for Phishing and Malware Attacks GalleryGoogle’s New ZIP Domain Could Be Used for Phishing and Malware Attacks
BOTNET, Compromised, cyberattack, Data Breach, Exploitation, Internet Security, IOC's, malicious cyber actors, Mobile Security, Security Advisory, Security Update
Google’s New ZIP Domain Could Be Used for Phishing and Malware Attacks
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence. Google released its new TLDs in early May, which are [...]
Luxottica Data Leak Exposes Over 70M Customers’ Data
Luxottica, the world’s largest eyewear company, has revealed that it was the victim of a major cyber attack. The attack exposed the personal information of over 70 million customers on hacking forums. Luxottica [...]
GUI-vil’s Strategies in AWS Compromises
Researchers have been tracking a financially motivated threat group known as GUI-vil (aka p0-LUCR-1), based in Indonesia, which engages in unauthorized cryptocurrency mining. GUI-vil's GUI-vil is a financially motivated threat group sourcing from [...]
BlackCat ransomware is using signed Microsoft kernel drivers to avoid detection
Research has revealed how the Russian gang's malware remains hidden in systems and gets around end-point security. BlackCat ransomware An end-point security evasion technique by ransomware gang BlackCat has been uncovered by [...]
-
Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784) Gallery
Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784)
Compromised, Internet Security, malicious cyber actors, Mobile Security, Security Advisory, Security Update, Tips, vulnerability
Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784)
A proof-of-concept (PoC) has been made available for a security flaw in the KeePass password manager that could be used to recover a victim’s master password in cleartext in certain [...]
IcedID Macro Attacks Deploy Nokoyawa Ransomware
Malicious actors frequently resort to alternative techniques to gain initial access, such as employing diverse file formats and payloads. It is important to highlight that they still actively use VBA macros embedded [...]
Live Speech & Personal Voice: Apple’s two useful features for speech impaired people
Apple announced that it will make available new important "Accessibility functions"At iOS 17 that will be released this year, and two of the most important are “Live Speech" and "personal voice". Both functions [...]
-
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules GalleryCopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
BOTNET, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, phishing, Security Advisory, Security Update
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
The threat actors behind the CopperStealer malware re-emerged in March and April 2023 with two new campaigns designed to deliver two new payloads called CopperStealth and CopperPhish. Trend Micro is [...]
Discord reveals data breach after worker hack
Top streaming service Discord has suffered a minor cybersecurity incident in which potentially sensitive and personal user data was exposed. Discord is a platform for people with similar interests to [...]
Critical Privilege Escalation in Essential Addons for Elementor Plugin
WordPress plugins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of risk [...]
RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab
New samples of it RapperBot botnet malware, reviewed by experts security, they have added cryptomining capabilities to mine cryptocurrency from hacked machines with Intel x64. RapperBot The RapperBot campaign is bringing in some fresh talent [...]
Scammers Distribute Malware via Verified Account Ads on Facebook
Hackers have been detected breaking into popular verified Facebook pages and using them to run ads on the social media behemoth distributing malware. The threat actors behind the campaign compromised popular Facebook accounts, [...]
New PhaaS ‘Greatness’ Simplifies Microsoft 365 Phishing Attacks
A Phishing-as-a-Service (PhaaS) platform called “Greatness” has seen a spike in activity as it targets organizations using Microsoft 365 in the United States, Canada, the United Kingdom, Australia and South [...]
Magecart malware strikes e-commerce websites again and again
Shopping cart malware, known as Magecart, is still one of the most popular tools in the attacker's toolbox, and despite efforts to mitigate and eliminate its presence, it remains fully [...]
Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns
Based on the Computer Emergency Response Team of Ukraine (CERT-UA), the SmokeLoader malware is now being spread via a phishing campaign using lures centered around invoices. A ZIP folder containing [...]
-
FluHorse malware attacks Android phones stealing personal data including passwords GalleryFluHorse malware attacks Android phones stealing personal data including passwords
Compromised, Data Breach, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
FluHorse malware attacks Android phones stealing personal data including passwords
A new Android malware named “FluHorse” has been discovered, targeting users in East Asia with malicious apps that mimic legitimate versions. According to Check Point Research, these malicious apps are [...]
New KEKW malware infects open source Python Wheel files
The KEKW malware employs a malicious function known as system_information() to gather a wide range of system-related data from infected machines. Python PYPI The Python Package Index (PyPI) is a [...]
Cisco Phone Adapters Flaw Let Attackers Execute Arbitrary Code
Cisco SPA112 2-Port Phone Adapters have been reported to be vulnerable to arbitrary code execution via a malicious firmware upgrade. Cisco has classified this vulnerability as Critical, with a CVSS Score as [...]
New ‘Cactus’ Ransomware Encrypts Itself to Evade Detection
A novel ransomware strain dubbed ‘Cactus’ has been found to be exploiting vulnerabilities in Fortinet VPN devices to gain initial access to corporate or other large-scale networks. What is Cactus Ransomware? Cactus, [...]
Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian [...]
Windows admins can sign up for “known issue” email alerts
The Windows Known Issue Email Alerts is a new feature recently introduced. The Email Alerts for Windows known issue was the highly-requested feature for IT administrators who are responsible for [...]
South Korean Lures Used to Deploy ROKRAT Malware
The North Korean threat actor known as APT37 has been observed changing deployment methods and using South Korean foreign and domestic affairs-themed lures with archives containing Windows shortcut (LNK) files [...]
New LOBSHOT Malware Deployed Via Google Ads
Cybersecurity researchers have discovered a new malware, called ‘LOBSHOT,’ distributed through Google ads. What is LOBSHOT Malware ? The ads, which promoted the legitimate AnyDesk remote management software, led users [...]
Global Malverposting Campaign Infecting Over 500,000 Devices
A recent ‘malverposting’ campaign linked to a Vietnamese threat actor has been ongoing for months and is estimated to have infected over 500,000 devices worldwide in the past three months alone. [...]
How to Use GitHub Desktop in Windows 10 and 11
Git and GitHub are essential tools for developers. However, the learning curve to adapting git version control into your daily workflow can be difficult at first. Newbie developers are often [...]
Atomic macOS Malware Steals Auto-fills, Passwords, Cookies, Wallets
Recently, the cybersecurity researchers at Cyble discovered a new macOS malware, ‘Atomic’ (aka ‘AMOS’), sold for $1,000/month on private Telegram channels. Buyers pay a high price to receive a DMG [...]
RTM Locker Ransomware Variant Targeting ESXi Servers
RTM Locker ransomware-as-a-service operators have now turned their attention to Linux, network-attached storage devices and ESXi hosts. Since 2015, the RTM cybercrime group has been involved in financial fraud, using [...]
Clop and LockBit Ransomware Gangs Target PaperCut Servers
Microsoft has recently revealed that the Clop and LockBit ransomware gangs are responsible for the attacks on PaperCut servers, exploiting vulnerabilities to steal corporate data. In April, two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, were [...]
VMware Resolves Crucial Pwn2Own Zero-Day Exploit Chain
To address zero-day vulnerabilities that might be used to achieve code execution on computers using unpatched versions of VMware’s Workstation and Fusion software hypervisors, the company has provided security upgrades. [...]
-
Evasive Panda’s Malicious Campaign Exploits Software Update Channels Gallery
Evasive Panda’s Malicious Campaign Exploits Software Update Channels
BOTNET, Compromised, cyberattack, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
Evasive Panda’s Malicious Campaign Exploits Software Update Channels
Evasive Panda's malicious campaign uses the update channels of legitimate Chinese applications to deliver their infamous backdoor, MgBot malware, to unsuspecting victims. Researchers at ESET have recently uncovered a new cyber attack [...]
Code Insight – VirusTotal Launched AI-Powered Malware Analysis Features
An AI-powered code analysis feature was recently launched by VirusTotal, dubbed “Code Insight.” Google Cloud Security AI Workbench’s Sec-PaLM large language model (LLM), optimized for security use cases, powers VirusTotal’s latest [...]
-
Yellow Pages Canada confirms cyberattack as BlackBasta leaks its data GalleryYellow Pages Canada confirms cyberattack as BlackBasta leaks its data
BOTNET, Compromised, Data Breach, Evilproxy, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
Yellow Pages Canada confirms cyberattack as BlackBasta leaks its data
Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack. Yellow Pages Data Leaked Black Basta ransomware and extortion gang [...]
New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
The Service Location Protocol (SLP) is intended to allow the automated discovery of shared services within a local area network (LAN) without the need for prior configuration on the part [...]
Finding Decoy Dog Toolkit via Anomalous DNS Traffic
The ‘Decoy Dog’ malware toolkit, aimed at enterprises, was uncovered recently by the security analysts at Infoblox by analyzing 70 billion DNS records and traffic that differs from typical online [...]
Bumblebee malware: Distributed via Google Ads and used for ransomware attacks
The bumblebee malware, first spotted last year targeting enterprise users is now distributed via SEO poisoning and Google Ads, which promote popular software such as Zoom, Cisco AnyConnect, the Chat GPT and Citrix Workspace. Bumblebee malware [...]
EvilExtractor Stealer Malware Attacks Peaked in March 2023
The attack tool known as Evil Extractor and developed by a company called Kodex as an “educational tool,” has been used by threat actors to target Windows-based machines. What Is [...]
LockBit ransomware encryptors found targeting Mac devices
Researchers at MalwareHunterTeam uncovered a ZIP archive on VirusTotal that was found to contain encryptors for devices running macOS. What is LockBit ransomware? LockBit is the name of a ransomware targeting Mac [...]
-
New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware GalleryNew QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware
Banking Trojan, BOTNET, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, phishing, Security Advisory, Security Update, Tips
New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware
Researchers are seeing a “significant increase” in attacks deploying the Qakbot malware, which have targeted victims in Germany, Argentina, Italy, Algeria, Spain, the U.S. and other countries with emails containing [...]
WhatsApp introduces new security features
WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. Account Protect, a new security feature from the instant messaging platform, [...]
How to install the Android 14 Beta on Google Pixel
After a few early developer previews, the Android 14 Beta program has officially arrived. Here’s how to get Android 14 on your Google Pixel smartphone. To enjoy the benefits of [...]
Kyocera: Exploited to distribute malware
The Kyocera Android print app is vulnerable to unauthorized manipulation, providing malicious applications the opportunity to download and potentially install malware on vulnerable people Appliances. The security flaw has been tracked as CVE-2023-25954. Specifically, [...]
Hacked sites are spreading malware using fake Chrome updates
Hackers are once again using fake Google Chrome updates as means to infect unsuspecting users with malware. According to NTT security analyst Rintaro Koike, the attack starts off with the threat [...]
Two New Emergency Patches from Apple
Apple just issued a short, sharp series of security fixes for Macs, iPhones and iPads. The following list of devices has reportedly had the issues fixed, according to the tech [...]
Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the [...]
Microsoft and SAP Release Security Updates to Address Critical Vulnerabilities
The most important of the new notes deals with two critical vulnerabilities in SAP Diagnostics Agent that could be exploited to execute commands on all monitored SAP systems. The bugs [...]
Balada Injector malware campaign: It has infected 1 million WordPress sites
A cyber attack campaign targeting WordPress websites has recently caused significant concern, with experts estimating that up to one million websites may have been compromised. Sucuri has reported that the Balad Injector campaign [...]
FusionCore – An Emerging Malware-as-a-Service Group in Europe
An up-and-coming cybercrime group, FusionCore, is likely composed of English-speaking European teenagers with distinct skills. All about FusionCore Malicious activities associated with a new and upcoming cybercrime group, dubbed FusionCore, [...]
New Rilide Malware Strikes Chromium-Based Browsers to Steal Cryptocurrency
Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like Google Chrome, Microsoft Edge, [...]
-
ALPHV Ransomware Affiliate targets vulnerable backup installations to gain initial access GalleryALPHV Ransomware Affiliate targets vulnerable backup installations to gain initial access
BOTNET, Compromised, Exploitation, malicious cyber actors, Malicious extension, Malware, Ransomware, Targeted Attacks, vulnerability
ALPHV Ransomware Affiliate targets vulnerable backup installations to gain initial access
Mandiant has identified a new affiliate of ALPHV (BlackCat ransomware), identified as UNC4466, that targets publicly exposed Veritas Backup Exec installations that are vulnerable to CVE-2021-27876, CVE-2021-27877, and CVE- 2021-27878 [...]
CryptoClippy: New Clipper malware targets Portuguese crypto users
Portuguese users should be wary of CryptoClippy, a new form of malware targeting them in a malvertising campaign. This malware is capable of stealing cryptocurrency if unsuspecting users are not [...]
New Rorschach Ransomware: The Fastest Encryptor
A sophisticated and fast ransomware family, dubbed Rorschach, has emerged in the threat landscape. The ransomware was spotted for the first time when deployed against a U.S.-based company. Its uniqueness [...]
Hackers Exploit WinRAR SFX Archives to Install Backdoors Undetected
Threat actors exploit WinRAR self-extracting (SFX) archives containing decoy files by adding malicious functionality to install backdoors in target systems without detection. SFX archives, which have been used for legitimate purposes, are [...]
New AlienFox toolkit steals credentials for 18 cloud services
A recently discovered comprehensive toolset dubbed AlienFox toolkit is circulating on Telegram. It’s a modular set of tools that enables malicious actors to scan for poorly configured servers, potentially leading [...]
QNAP Issues Urgent Warning to Customers Regarding Critical Linux Vulnerability
QNAP, a manufacturer of network-attached storage (NAS) systems, issued a warning to its users regarding a critical vulnerability that can be exploited through the Sudo program for Linux. CVE-2023-22809 The [...]
Microsoft Bing Search Results Altered Through AAD Misconfiguration
Recently, cybersecurity company Wiz discovered a misconfiguration issue in Azure Active Directory (AAD) that resulted in unauthorized access to several applications, which could have also led to a Bing.com takeover. What is [...]
Mélofée: The latest malware targeting Linux servers
The malware may be linked to another state-sponsored APT group called Earth Berberoka (or GamblingPuppet), which mainly targets gambling websites in China. ExaTrack, a cybersecurity company based in France, recently [...]
Researchers warn of two new variants of potent IcedID malware loader
New IcedID variants found without the usual bank fraud feature. Instead, they appear to be aiming to install additional malware on infected devices. Proofpoint has specified two new versions of [...]
Card Skimming Attack Targets WooCommerce Websites
Online transactions ease our daily lives but also pose a serious risk to both businesses and their customers. Magecart attacks are one of them. Magecart is a type of malware that can [...]
SharePoint Phishing Scam Targets 1600 Across US, Europe
A new Phishing campaign based on legitimate servers from the Microsoft SharePoint platform aims at least 1600 people throughout the Europe, the USA and other areas around the world using one native notification mechanism. Kaspersky security researchers described the findings in [...]
-
Nexus Android Malware targets customers of 450 financial institutions worldwide GalleryNexus Android Malware targets customers of 450 financial institutions worldwide
BOTNET, Compromised, Exploitation, infostealer, Internet Security, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update
Nexus Android Malware targets customers of 450 financial institutions worldwide
The recently evolved version of Nexus has targeted more than 450 banks and cryptocurrency services. Multiple threat actors are already found to be using Nexus to conduct fraudulent campaigns. About [...]
Adobe Acrobat Sign Abused to Distribute Malware
Cybercriminals have been observed abusing Adobe’s Acrobat Sign service to deliver emails leading to a RedLine stealer infection, cybersecurity firm Avast warns. Adobe Acrobat Sign is an online tool designed [...]
The new HinataBot botnet could launch massive DDoS attacks
Researchers have discovered a new DDoS botnet capable of launching attacks with data volumes reaching several Tbps. Akamai said the malware itself was christened “Hinata” by its author after a character [...]
SAP Fixes Multiple Critical Vulnerabilities on March 2023 Patch Day
SAP has recently fixed 19 vulnerabilities as part of its March 2023 patch day. Five vulnerabilities are rated critical and have also been labeled “hot news” by the vendor. The critical vulnerabilities [...]
-
Android malware “FakeCalls” targets financial firms in South Korea GalleryAndroid malware “FakeCalls” targets financial firms in South Korea
BOTNET, Compromised, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, phishing, Security Advisory, Security Update
Android malware “FakeCalls” targets financial firms in South Korea
A new Android vishing (voice phishing) malware tool called “FakeCalls” has been detected targeting victims in South Korea by impersonating 20 leading financial institutions in the region. Dubbed “FakeCalls” by the Check [...]
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection
A piece of malware designed to load Cobalt Strike beacons onto victim machines has been traced back to both Chinese and Russian threat actors. SILKLOADER Malware Finnish security vendor WithSecure claimed in [...]
Microsoft fixes Windows zero-day exploited in ransomware attacks
Microsoft fixed zero-day vulnerability that malicious actors were exploiting to bypass its anti-malware service windows smart screen based on cloud and deliver ransomware payloads Magniber without any warning. About CVE-2023-23397 “CVE-2023-23397 is a critical EOP Vulnerability [...]
-
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks GalleryGoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
Compromised, Data Breach, Exploitation, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A recently identified Golang-based botnet is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services, Palo Alto Networks reports. How GoBruteforcer works and what devices it targets Cybersecurity researchers [...]
Clop ransomware: Breached companies via GoAnywhere MFT zero-day
The gang behind it Clop ransomware has begun extorting companies whose data were stolen thanks to the use of a zero-day vulnerability in your file sharing solution Fortra GoAnywhere MFT. The Clop ransomware gang, responsible for [...]
Xenomorph Android malware: Now stealing data from 400 banks
A new version of the Xenomorph Android malware has been released with increased malicious capabilities, such as the Automatic Transfer System framework and the ability to steal credentials from 400 [...]
Proof-of-Concept released for critical Microsoft Word RCE bug
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Joshua [...]
Google Is Giving VPN Access to Every Google One Subscriber
Google is announcing more features that are being expanded to include all Google One subscribers. What is the new addition ? The new additions include VPN access for every Google [...]
Dangerous emotet botnet resumes email activity
Successful compromises by the notorious Emotet malware are occurring again. After several months of inactivity, the botnet resumed its email activity on 07.03.2023. Emotet is one of the most well-known [...]
The rise of phishing scams and how to avoid them
Cybersecurity scams continue to be on the rise. As scammers get smarter, it’s important to stay up to date on the latest trends. One of the best things you can [...]
Apple iOS 16.4: new features!
Apple is in the process of being finalized iOS 16.4 for its official public release this spring! If all goes according to plan, users can expect access to a variety of new and [...]
Google announces new features for Android and Wear OS
Google has announced a slew of new features for Android, Chromebook and Wear OS that are designed to improve connectivity, productivity and accessibility. Google new features: Once you install the latest update [...]
DoppelPaymer ransomware: Two key gang members targeted by authorities
An international law enforcement operation has led to the arrests of suspected core members of the prolific DoppelPaymer ransomware operation. The operation included "raids" on many locations in the two countries during the past [...]
Aruba Networks fixes six critical vulnerabilities in ArubaOS
Aruba Networks has issued a security advisory addressing six critical vulnerabilities that exist in various versions of its proprietary operating system – ArubaOS. Aruba Networks, formerly known as Aruba Wireless [...]
Bitdefender releases MortalKombat decryptor to help recover your files
Cybersecurity company Bitdefender has recently announced the release of a new decryptor for the MortalKombat ransomware. The decryptor is now available for download and can help victims of ransomware to recover [...]
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware
Exfiltrator-22 is a new post-exploitation kit that can spread ransomware undetected. Researchers speculate that the creators of this kit are former LockBit 3.0 affiliates, experts in anti-analysis and defense evasion. [...]
Critical vulnerabilities in Houzez WordPress theme lead to privilege escalation attacks
Two critical severity vulnerabilities in the Houzez theme and plugin for WordPress are actively being exploited to hijack websites. The vulnerabilities, tracked as CVE-2023-26540 and CVE-2023-26009 are both privilege escalation flaws having a CVSS [...]
Beware! New WhiteSnake Malware Attack Windows & Linux Users
The Cyber Research and Intelligence Labs have recently identified a novel malware variant known as the “White Snake” Stealer, which has the potential to cause significant harm to computer systems [...]
Hydrochasma hackers target medical research labs
A new threat actor has been seen targeting shipping companies and medical laboratories in Asia with phishing emails. Dubbed "Hydrochasma" by Symantec cybersecurity researchers, the threat actor appears to have had [...]
VMware Fixes Critical Vulnerability in Carbon Black App Control (CVE-2023-20858)
VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Affected Carbon Black App [...]
Exploit released for critical Fortinet RCE flaws, patch now
Security researchers have released a proof-of-concept exploit for a critical vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite. The vulnerability has been detected in FortiNAC versions 9.4.0, 9.2.0 through [...]
New Stealc malware emerges with a wide set of stealing capabilities
A new information stealer advertised as "Stealc" has been discovered by Sekoia researchers. Security researchers at cyber threat intelligence company SEKOIA spotted the new strain in January and noticed it started to gain tractionin [...]
Samsung has created a zero-click antivirus for messages
Samsung has introduced a new Message Guard security feature for its Galaxy range of smartphones and tablets that can better protect users against “zero-click” cyberattacks disguised as image attachments in [...]
Coinbase cyberattack targeted employees with fake SMS alert
A sneaky cyber attack has recently surfaced with the aim of deceiving Coinbase employees through fake SMS alerts. Coinbase is one of the most popular cryptocurrency exchanges on the market [...]
GODADDY CLAIMS HACKERS STOLE SOURCE CODE AND PUT MALWARE ON ITS SERVERS
GoDaddy, a web hosting company, has disclosed that during a multi-year period, hackers broke into its systems, planted malware on its network, and stole some of its source code. The [...]
Fuser-master: Compromises WordPress Sites
WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to [...]
Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack
ProxyShellMiner is being distributed to Windows endpoints by a very elusive malware operation, according to Morphisec. ProxyshellMiner Malware ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by [...]
Cloudflare Thwarts Largest DDoS Attack on Record: 71M Requests
Cloudflare stated that it had managed to mitigate multiple “hyper-volumetric” DDoS attacks that originated from more than 30,000 IP addresses. The 71 rps attack is 35% higher than the previous DDoS attack [...]
Microsoft Patch Tuesday February: Fixes over 75 vulnerabilities
Microsoft released it Patch Tuesday for February 2023 correcting over 75 security vulnerabilities, which include all three zero-day bugsthat have been used in attacks. Five of the others flaws which earned a 9.8 CVSS score [...]
RedEyes: Uses M2RAT malware to steal data from Windows and phones
RedEyes Hacking Group (aka APT37), a threat group known for its cyber espionage activities, has recently adopted a new tactic in its efforts to collect intelligence from targeted individuals. This [...]
MortalKombat ransomware: Targets systems in the US
Hackers running a new financially motivated campaign are using a variant of the Xortist ransomware called 'MortalKombat', along with the Laplas clipper in cyberattacks. How it targets ? Infected computers [...]
7 Types of Social Engineering Attacks Targeting You
Social engineering has been an observable phenomenon since the beginning of history. People with something to gain have always found avenues to manipulate others’ fears or willingness to trust. In [...]
Malicious PyPi packages contained the W4SP Stealer malware
Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers. Having already been acquired by hundreds of software [...]
Patch Released for CVE-2023-25194 RCE Vulnerability in Apache Kafka
A vulnerability addressed by the latest update for Apache Kafka is an unsafe Java deserialization issue that could be exploited to execute code remotely, with authentication. CVE-2023-25194 Tracked as CVE-2023-25194, Apache Kafka [...]
Linux Variant of Cl0p Ransomware Emerges
Cl0p has been one of the most active ransomware families over the past several years, targeting numerous private and public organizations globally, in sectors such as aerospace, energy, education, finance, [...]
ESXiArgs Ransomware Attack Targets VMware Servers Worldwide
The vulnerability, tracked as CVE-2021-21974, is caused by a stack overflow issue in the OpenSLP service that unauthenticated threat actors in low-complexity attacks can exploit. What is ESXiArgs Ransomware ? ESXiArgs is a [...]
Clop ransomware for Linux: Flaw allows file recovery
The Clop ransomware operation now also uses a variant of the malware that only targets Linux servers, but a flaw in the encryption system allows victims to recover their files [...]
Google Fi data breach let hackers perform SIM swapping
Google Fi, Google’s U.S.-only telecommunications and mobile internet service, has notified customers that personal data was exposed by a data breach at one of its primary network providers. Some of [...]
New HeadCrab Malware Hijacks 1,200 Redis Servers
Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed “HeadCrab”, designed to build a botnet that mines Monero cryptocurrency. New HeadCrab Malware ? [...]
Hackers Use New IceBreaker Malware to Breach Gaming Companies
Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. Researchers at incident response firm Security Joes believe [...]
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
A new exploit called ‘Sh1mmer’ can be used to “unenrolling” enterprise-managed Chromebooks to install apps and bypass device restrictions. What is SH1MMER Exploit? SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment [...]
Attacks Targeting Realtek SDK Vulnerability Ramping Up
Palo Alto Networks warns of an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK. The first in-the-wild attacks targeting CVE-2021-35394 were observed days after [...]
Yandex Code Repositories Leaked Allegedly by Former Employee
The threat actor has dumped a whopping 44.7 GB worth of Yandex data, including its source code repository, on a popular hacker forum. Yandex Code Repositories The source code repository [...]
VMware Patches Critical RCE Vulnerabilities in vRealize Log Insight
VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product. The vRealize Log Insight by VMware is a virtual appliance that allows administrators to gather [...]
Remote Code Execution Vulnerability in Microsoft Teams
Researchers discovered an RCE vulnerability in Microsoft Teams during Pwn2Own 2022. The application is used by a wide range of people, including professionals, and an exploit could cause significant harm to its [...]
Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) [...]
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Two new vulnerabilities have been found in the Galaxy App Store application allowing local attackers to install arbitrary applications or execute JavaScript by launching a specific web page. The findings [...]
CISA Warns for Vulnerabilities in Industrial Control Systems (ICS)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The [...]
New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild
Netlab recently released a report confirming that this sample was adapted from the leaked Hive project server source code from the U.S. CIA. This new variant of the HIVE kit, [...]
Attackers Infected a CircleCI Employee with Malware to Steal Customer Session Tokens
Software development service CircleCI has revealed that a recently disclosed data breach was the result of information stealer malware being deployed on an engineer’s laptop. How its infected? According to [...]
RAT malware campaign tries to evade detection using polyglot files
Operators of the StrRAT and Ratty distant entry trojans (RAT) are operating a brand new marketing campaign utilizing polyglot MSI/JAR and CAB/JAR information to evade detection from safety instruments. What [...]
Cacti Patched CVE-2022-46169 Critical RCE Vulnerability
Open-source, web-based network monitoring and graphing tool Cacti received an update recently to fix a critical-severity security vulnerability that enabled executing arbitrary code on a server running Cacti. CVE-2022-46169 It is an open-source, web-based network [...]
-
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App GalleryExpert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
BOTNET, Data Breach, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes. What is Threema? Threema's end-to-end inner protocol, the one [...]
Microsoft ends Windows 7 extended security updates on Tuesday
Windows 7 Professional and Enterprise editions will no longer receive extended security updates for critical and important vulnerabilities starting Tuesday, January 10, 2023. Alongside this, the Redmond company encourages Windows [...]
-
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors GalleryRussian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
Backdoor, Compromised, Darknet, Data Breach, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
Organisations that fell victim to Andromeda, a commodity malware that dates back 12 years, seem to be at risk of compromise by the Moscow-backed advanced persistent threat (APT) group tracked variously [...]
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
South African threat actors known as 'Automated Libra' has been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining. PURPLEURCHIN first came to light [...]
Synology Fixes a Max Severity RCE Vulnerability in VPN Server Products
"Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.The vulnerability, tracked as CVE-2022-43931, was discovered internally by Synology's Product Security Incident [...]
-
RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks GalleryRCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks
BOTNET, Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Software Issues, Targeted Attacks, Tips, vulnerability, wordpress
RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks
Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. CVE-2022-45359 Vulnerability The CVE-2022-45359 vulnerability allows unauthenticated attackers to upload [...]
PyTorch Machine Learning Framework Compromised with Malicious Dependency
The PyTorch team has issued a warning to users who installed PyTorch-nightly over the holidays, advising them to uninstall the framework and the counterfeit 'torchtriton' dependency. Originally developed and released [...]
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
Two critical vulnerabilities tracked as CVE-2022-27510 and CVE-2022-27518 still affect thousands of Citrix Application Delivery Controller (ADC) and Gateway devices, NCC Group’s Fox IT team said in a blog post. [...]
-
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector GalleryAPT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
BOTNET, Compromised, Data Breach, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Microsoft, Security Advisory, Security Update
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
In July 2022, Microsoft made a crucial development to its Office software that blocks macros in Office files attached to email messages. While this block only applies to new versions of [...]
-
Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code Gallery
Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code
Compromised, Exploitation, hackers, Internet Security, IOC's, Linux Malware, malicious cyber actors, Malware, Security Advisory, Security Update, vulnerability
Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code
A critical remote code execution vulnerability (CVE-2022-47939) has been identified in the ksmbd module of the Linux kernel. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux [...]
-
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware GalleryPrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware
Compromised, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, windows
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware
PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. The pay-per-install (PPI) malware downloader service PrivateLoader is being used to [...]
GuLoader Malware Utilizing New Techniques to Evade Security Software
Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. GuLoader malware GuLoader is a first-stage trojan designed to infect a system and drop a final payload. Typically other trojans or [...]
CVE-2022-47633 Vulnerability Allows Attackers to Bypass Kyverno Signature Verification
The vulnerability could let attackers introduce malicious code into cloud production environments. Kyverno’s admission controller offers a signature verification mechanism to ensure that only signed container images can enter a Kubernetes cluster. The [...]
Vice Society Ransomware Attackers Adopt Robust Encryption Methods
SentinelLabs disclosed that the Vice Society group has adopted a new custom-branded ransomware payload in recent intrusions, dubbed ‘PolyVice,’ which implements an encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice [...]
-
LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen GalleryLastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
BOTNET, Compromised, Evilproxy, Exploitation, infostealer, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach earlier this year. LastPass revealed that this repository of customer [...]
-
ProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082) GalleryProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082)
Compromised, Data Breach, Evilproxy, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, vulnerability
ProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082)
Reports says, the zero-day vulnerabilities CVE-2022-41040 and CVE-2022-41082, dubbed ProxyNotShell, are still being actively exploited. ProxyNotShell vulnerabilities are exploited by adversaries for remote code execution (RCE) in vulnerable Exchange servers in the wild. [...]
Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems
Researchers at Trend Micro have been tracking Raspberry Robin since September and are warning the worm is notable for its 10 layers of obfuscation and its ability to deploy a [...]
-
Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users Gallery
Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users
BOTNET, Compromised, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, phishing, Security Advisory, Security Update
Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users
The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users. What is BrasDex? BraDex is [...]
-
Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware GalleryMalicious PyPI package posed as SentinelOne SDK to serve info-stealing malware
BOTNET, Compromised, Exploitation, hackers, infostealer, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Tips
Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware
Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne. The [...]
Apple patches active exploit vulnerability for iPhones
Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, iOS 16.1.2, landed on [...]
Microsoft Reevaluates SPNEGO NEGOEX Vulnerability CVE-2022-37958 as Critical
A critical remote code execution vulnerability has been discovered in the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism). CVE-2022-37958 The Vulnerability CVE-2022-37958, has been rated as having a CVSS score [...]
-
Microsoft CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerability GalleryMicrosoft CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerability
Compromised, Exploitation, Internet Security, IOC's, malicious cyber actors, Microsoft, Security Advisory, Security Update
Microsoft CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft on Tuesday released patches for 48 vulnerabilities in seven Microsoft product families. This includes 6 Critical-class issues affecting Microsoft Dynamics, SharePoint, and Windows. Of the 53 patches released in [...]
Fortinet Released Patch for FortiOS SSL-VPN RCE Vulnerability CVE-2022-42475
Fortinet has released a patch for a critical zero-day security vulnerability affecting its FortiOS SSL-VPN product. The vulnerability could lead to remote code execution and is actively exploited. CVE-2022-42475 CVE-2022-42475 is a heap-based buffer overflow vulnerability in [...]
Amazon ECR Public Gallery flaw could have wiped or poisoned any image
Security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited according to cloud security firm Lightspin. Amazon ECR Public Gallery The Amazon [...]
-
MegaRAC flaws, IP leak impact multiple server brands Gallery
MegaRAC flaws, IP leak impact multiple server brands
BOTNET, Compromised, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update, Software Issues, Targeted Attacks, Tips
MegaRAC flaws, IP leak impact multiple server brands
Research team has found three different vulnerabilities in the MegaRAC Baseboard Management Controller (BMC) software. CVE-2022-40259 and CVE-2022-40242 vulnerabilities have CVSS scores of 9.8, while the CVE-2022-2827 vulnerability has a CVSS score of 7.5 on the National Vulnerability [...]
-
Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware GalleryCryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware
BOTNET, Compromised, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Woody RAT malware
Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware
A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The potency of the Chaos malware stems from [...]
-
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver GalleryResearchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
BOTNET, Compromised, Exploitation, infostealer, Internet Security, IOC's, malicious cyber actors, Malware, Security Advisory, Security Update
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
Secureworks Counter Threat Unit (CTU) researchers are investigating the Drokbk malware, which is operated by a subgroup of the Iranian government-sponsored COBALT MIRAGE threat group. Drokbk Malware The Drokbk malware was detected [...]
-
Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps GalleryResearchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps
BOTNET, Compromised, Darknet, Exploitation, hackers, infostealer, Internet Security, IOC's, Malware, Mobile Security, Security Advisory, Security Update
Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps
Researchers have shed mild on a new hybrid malware campaign targeting the two Android and Windows running programs in a bid to broaden its pool of victims. “This campaign resulted [...]
Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
Lazarus hacking group spreads malware using a fake cryptocurrency app called BloxHolder. This made-up brand pretends to offer cryptocurrency applications, tricking users to install AppleJeus malware. AppleJeus malware AppleJeus malware, [...]
-
New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network GalleryNew Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network
BOTNET, Compromised, DDOS, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Security Advisory, Security Update
New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network
Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. It contains several modules, [...]
Critical Ping bug potentially allows remote hack of FreeBSD systems
A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. CVE-2022-23093 The vulnerability exists due to a boundary error within the pr_pack() [...]
GoTo’s Cloud Storage and Dev Environment Breached by Hackers
GoTo, maker of the popular virtual meeting and desktop-sharing software, and its affiliate LastPass confirmed on Wednesday that their shared cloud-storage service was hit by unknown hackers. Remote access company [...]
LastPass breach affects customer data—but not passwords
Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe. LastPass owner LogMeIn stresses that customer passwords have [...]
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. According [...]
ManageEngine Vulnerability (CVE-2022-40300)
ManageEngine recently patched a SQL injection vulnerability bug in their Password Manager Pro, PAM360, and Access Manager Plus products. CVE-2022-40300 A remote attacker can exploit the vulnerability by sending a [...]
Google discovers Windows exploit framework used to deploy spyware
A Spanish company that offers “tailor made Information Security Solutions” may have exploited vulnerabilities in Chrome, Firefox and the Microsoft Defender antivirus program to deploy spyware, researchers with Google’s Threat [...]
Windows 11 is getting a VPN status indicator in the taskbar
Microsoft already released the big Windows 11 update for the year, 22H2, but the company isn’t slowing down on development. A new feature is now in testing that aims to [...]
Hackers Using Trending TikTok ‘Invisible Challenge’ to Spread Malware
Hackers are always coming up with clever ways to exploit the latest trends, and the latest example leverages a popular TikTok challenge to trick unsuspecting users into installing malware on their devices. The trend, [...]
Amazon addresses vulnerability affecting AWS AppSync
Researchers from security company Datadog discovered a cross-tenant vulnerability in a popular Amazon Web Services (AWS) tool, which Amazon has now addressed. What does the vulnerability do ? The bug allows attackers [...]
Patch now! Google Chrome’s GPU code has a zero-day
Google has released an important update to Chrome web browser that fixes another zero-day vulnerability. CVE-2022-413 The high-severity flaw has been in existence since 2022 and has been misused by [...]
WhatsApp data leak: 500 million user records for sale
The latest WhatsApp data leak has reportedly affected as many as 80 countries, including Russia, Italy, Egypt, Brazil, Spain, and more. The list also includes India. Threat actor claims there [...]
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
Researchers at SEKOIA identified 7 traffers teams on Dark Web forums that announced the availability of the Aurora Stealer in their arsenal, a circumstance that confirms the increased popularity of [...]
-
Ducktail Malware Operation Evolves with New Malicious Capabilities GalleryDucktail Malware Operation Evolves with New Malicious Capabilities
BOTNET, Compromised, Exploitation, hackers, IOC's, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Targeted Attacks, Tips
Ducktail Malware Operation Evolves with New Malicious Capabilities
A Vietnam-based hacking operation dubbed "Ducktail" is targeting individuals and companies operating on Facebook's Ads and Business platform. Ducktail Ducktail has been around since 2021, and is attributed to a [...]
Google Chrome extension used to steal cryptocurrency, passwords
A Google Chrome extension named "VenomSoftX" is being used to steal cryptocurrency from wallets and breach passwords. The malware has been tracked over 93,000 times so far in 2022. What does VenomSoftX do? [...]
New AXLocker Ransomware Steals Victims’ Discord Tokens
Security researchers have warned of a new ransomware variant that not only encrypts the victim’s files but also attempts to steal data by enabling a Discord account takeover (ATO). AXlocker [...]
Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and [...]
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
Security researchers have uncovered a sophisticated phishing campaign using tens of thousands of malicious domains to spread malware and generate advertising revenue. Fangxiao Fangxiao- The threat actor has been active [...]
-
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor GalleryNorth Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
Compromised, Exploitation, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. What is Dtrack backdoor? DTrack allows criminals to upload, [...]
F5 Released Hotfixes for BIG-IP and iControl REST Vulnerabilities
The vulnerability CVE-2022-41622 makes BIG-IP and BIG-IQ vulnerable to unauthenticated remote code execution (RCE) via cross-site request forgery due to Big-IP’s SOAP API lacking CSRF protection and other protective measures. CVE-2022-41622 and CVE-2022-41800 Vulnerabilities An attacker may trick [...]
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is all [...]
Windows Kerberos authentication breaks after November updates
Microsoft on Sunday reported that after installing updates released on the most recent Patch Tuesday on Nov. 8, security teams might have issues with Kerberos authentication on Windows Servers with [...]
Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign
Security researchers have spotted an intriguing malware campaign designed to increase the search engine rankings of spam websites under the control of threat actors. Over 15,000 WordPress and other sites have [...]
-
New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders GalleryNew “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
Internet Security, IOC's, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update
New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
A new APT group, Earth Longzhi, reportedly targeted organizations in East Asia, Southeast Asia, and Ukraine using a Cobalt Strike loader. The group, active since at least 2020, is considered [...]
Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers
Trend Micro researchers observed an uptick in attacks targeting bank customers in India, the common entry point being a text message with a phishing link. The SMS content urges the [...]
Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
A new web3 technology is being abused widely by threat actors, according to security researchers from tech giant Cisco. What is IPFS ? The InterPlanetary File System (IPFS) is a [...]
-
Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days GalleryMicrosoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days
Forensic Investigation, Internet Security, malicious cyber actors, Microsoft, Security Advisory, Security Update, vulnerability
Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days
Microsoft November 2022 Patch Tuesday has been released with patches for a total of 68 vulnerabilities, which include 6 actively exploited zero days and 11 critical vulnerabilities. Microsoft has fixed [...]
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader
Threat actors have developed a new approach to deceive cryptocurrency users. They are using Laplas Clipper, a new feature-rich clipboard stealer that allows hackers to gain more control and insights [...]
Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data
Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable on urlscan.io, a security tool used to analyze URLs. What is urlscan.io? [...]
-
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server GalleryRobin Banks Phishing Service for Cybercriminals Returns with Russian Server
Exploitation, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware, phishing, Security Advisory, Security Update, Tips
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. DDoS-Guard takes over from Cloudflare after the latest caused a [...]
Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers
A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. Black Basta has [...]
OpenSSL Announced Two High-Severity Vulnerabilities Are Fixed
OpenSSL released patches for two vulnerabilities that have caused widespread concern among cybersecurity experts and researchers over the last week and a half. OpenSSL is a commonly used code library [...]
Dropbox breached, GitHub repositories stolen
File-hosting company Dropbox revealed on Tuesday that it has suffered a phishing incident. Attackers took 130 code repositories using stolen credentials after gaining access to one of Dropbox's GitHub accounts. The attacker eventually [...]
Emotet botnet starts blasting malware again after 5 month break
The malicious program operators have been silent for five months and have now again started to spam emails with malicious programs after the vacation. Emotet is the malware typically spread [...]
A New Rising Social Engineering Trend: Callback Phishing
Callback phishing emerged as a hybrid social engineering technique that combines phishing and vishing. The phishing technique used to steal sensitive data or transmit harmful packages via email and vishing. Malicious attachments [...]
Fodcha DDoS Botnet Resurfaces with New Capabilities
Researchers have discovered a new version of the Fodcha DDoS botnet, featuring upgrades to deter analysis by security researchers and the ability to inject ransom demands into packets. Fodecha DDOS [...]
Actively exploited Windows MoTW zero-day gets unofficial patch
A free unofficial patch is available for a Mark-of-the-web (MoTW) security vulnerability impacting Windows 10 and 11, Bleeping Computer reports. The actively exploited zero-day flaw lets files signed with malformed signatures [...]
Chrome issues urgent zero-day fix – update now!
Google has announced an update for Chrome issues that fixes an in-the-wild exploit. Mitigation for chrome issues If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon [...]
Newly Unsealed Indictment Charges the Operator of Raccoon Infostealer
U.S. officials have charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide. The U.S. Department of Justice accused Sokolovsky [...]
Microsoft links Raspberry Robin worm to Clop ransomware attacks
Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks. The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously [...]
Windows 10 KB5018482 update released with nineteen improvements
Despite the release of Windows 11 this early October, there have been updates for Windows 10, still. There are 19 improvements released in the KB5018482 Preview cumulative update for Windows [...]
Apple Releases Patch for Exploited Zero-Day
Apple on Monday disclosed and patched a kernel-level zero-day vulnerability affecting many of its iOS devices. The severity of the flaw is unknown, and the bug was submitted by an [...]
22 Years Old Vulnerability in SQLite Allows Arbitrary Code Execution
The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. The CVE-2022-35737 flaw is an integer [...]
SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. [...]
Ursnif Malware Moving to Ransomware Operations from Bank Account Theft
Ursnif (a.k.a. Gozi), a former banking trojan, has been repurposed as a generic backdoor. Threat actors could use the new variant to distribute ransomware. Ursnif (a.k.a. Gozi), a former banking trojan, has been repurposed [...]
New Prestige Ransomware Targeting Polish and Ukrainian Organizations
The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour of each other across all victims. A notable feature of this campaign [...]
Venus Ransomware targets publicly exposed Remote Desktop services
The malicious actors behind the relatively new Venus ransomware are hacking publicly exposed Remote Desktop Services to encrypt Windows devices. Venus Ransomware The Venus Ransomware seems to have started operating [...]
New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Telecommunications and IT company providers in the Middle East and Asia are currently being specific by a beforehand undocumented Chinese-talking menace team dubbed WIP19. "Throughout this activity, the threat actor [...]
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A beforehand undocumented command-and-manage (C2) framework dubbed Alchimist is most likely currently being used in the wild to focus on Windows, macOS, and Linux devices. The Alchimist C2 can generate [...]
Aruba Released Patches for EdgeConnect’s Critical Vulnerabilities
Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. According to the company, a network-based attacker [...]
Critical RCE Vulnerability with Max CVSS Score in VM2 Sandbox Library
A critical vulnerability in vm2 might let a remote attacker bypass the sandbox environment and execute shell commands on the device hosting the sandbox. About the Vulnerability The most widely used Javascript sandbox library is vm2, which receives [...]
Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs
Microsoft released fixes for a Windows zero-day and a publicly disclosed vulnerability on October Patch Tuesday but security updates for two Exchange Server zero-days discovered last month are still in [...]
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
A brand new piece of analysis has detailed the more and more refined nature of the malware toolset employed by a sophisticated persistent risk (APT) group named Earth Aughisky. Earth Aughisky [...]
Unpatched RCE Vulnerability in Zimbra Actively Exploited
Zimbra-CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation. The vulnerability is due to the method (cpio) in which Zimbra’s antivirus [...]
LilithBot Malware, a new MaaS offered by the Eternity Group
Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group. What is LilithBot Malware? LilithBot, a multipurpose malware sample, was found by ThreatLabz. Further investigation [...]
Hackers Can Use ‘App Mode’ in Chromium Browsers’ for Stealth Phishing Attacks
In what’s a new phishing technique, it has been shown that the Application Mode attribute in Chromium-primarily based web browsers can be abused to generate “real looking desktop phishing applications.” [...]
Details Released for Recently Patched new macOS Archive Utility Vulnerability
Security researchers have shared facts about a now-addressed security flaw in Apple’s macOS functioning technique that could be possibly exploited to run destructive applications in a manner that can bypass [...]
BlackByte ransomware abuses legit driver to disable security products
The BlackByte ransomware gang is using a new technique that researchers are calling “Bring Your Own Driver,” which enables bypassing protections by disabling more than 1,000 drivers used by various [...]
Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
A novel Android malware referred to as RatMilad has been observed concentrating on a Middle Jap business cell device by concealing by itself as a VPN and phone selection spoofing [...]
Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers
The recently learned Linux-Based ransomware pressure acknowledged as Cheerscrypt has been attributed to a Chinese cyber espionage team regarded for working short-lived ransomware techniques. Cybersecurity agency Sygnia attributed the assaults [...]
Microsoft Exchange server zero-day mitigation can be bypassed
Last week, Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The first flaw, tracked as CVE-2022-41040, [...]
Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers
The North Korea-backed Lazarus Team has been observed deploying a Windows rootkit by taking gain of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored [...]
Threat Actors Impersonate GitHub, Zoom, and Cloudflare to Steal User Information
On September 16, GitHub discovered phishing attacks by hackers impersonating CircleCI. During the attack, users are warned of session expiration and directed to log in again using their GitHub credentials. How GitHub Credentials Stolen [...]
Hacking group hides backdoor malware in Windows logo image
Security researchers have discovered a malicious campaign by the hacking group ‘Witchetty’, which uses steganography to hide backdoor malware in a Windows logo. Witchetty is believed to have close ties [...]
Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers [...]
Sophisticated Covert Cyberattack Campaign Targets Military Contractors
A cyberattack campaign, potentially bent on cyber espionage, is highlighting the increasingly sophisticated nature of cyberthreats targeting defense contractors in the US and elsewhere. The covert campaign, which researchers at Securonix detected [...]
Threat Actors Utilize PowerPoint Files to Distribute Graphite Malware
Threat actors started utilizing PowerPoint presentations as a code execution method and delivering Graphite malware in targeted attacks. APT28 (Fancy Bear), a threat actor group linked to Russia, has recently been seen [...]
FARGO ransomware targets vulnerable Microsoft SQL servers in new wave of attacks
Microsoft SQL servers are succumbing to FARGO ransomware, security researchers at AhnLab Security Emergency Response Center (ASEC) have warned. Cybersecurity researchers from AhnLab Security say that the newly detected malware [...]
China-linked TA413 group targets Tibetan entities with new backdoor
A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office (CVE-2022-30190) to deploy a never-before-detected backdoor called LOWZERO in attacks aimed at [...]
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal
BlackCat Ransomware attackers fine-tuning their malware arsenal in a bid to remain undercover and expand their reach. According to Symantec, “Among some of the more notable developments has been the use of [...]
CISA Urges to Patch ManageEngine Against RCE Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical Java deserialisation bug affecting multiple Zoho ManageEngine products to its Known Exploited Vulnerabilities (KEV) catalogue and warned that the [...]
Hackers Using Malicious OAuth Apps to Take Over Email Servers
Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. “The [...]
Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing
Cybersecurity company Imperva has disclosed that it mitigated a dispersed denial-of-company (DDoS) attack with a whole of more than 25.3 billion requests on June 27, 2022. According to reports, the [...]
Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware
Cybersecurity firm Bitdefender published a new decryptor on Friday for LockerGoga, a strain of ransomware best known for its 2019 attack on Norwegian aluminum giant Norsk Hydro. The new decryptor is a [...]
Microsoft Teams’ GIFShell Attack
The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been correctly set. [...]
Trend Micro Warnes for Actively Exploited RCE Flaw in Apex One
Trend Micro recently released a patch for an actively exploited flaw in its endpoint security platform, Apex One. The security software provider published an advisory to report six vulnerabilities and advised their customers [...]
Hackers Had Access to LastPass’s Development Systems for Four Days
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August [...]
North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application
Researchers believe that hackers with links to North Korean government have been pushing the Trojanized Version of PuTTY networking tool in a bid to hack the networks of organizations they [...]
WordPress Sites Compromised Due to FishPig Supply Chain Attack
Threat actors infected FishPig’s distribution server as part of a supply chain attack. The vendor’s service integrates Adobe’s Magento eCommerce platform into WordPress websites. Attackers injected malicious code into FishPig’s software to [...]
Phishing page embeds keylogger to steal passwords as you type
A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them. The campaign aims to [...]
Loader Malware Emotet is Now Led by Quantum and BlackCat
Emotet (also known as SpmTools) is a sophisticated, modular banking trojan. Emotetmostly serves as a downloader or dropper of other banking trojans. It is a loader-as-a-service (LaaS). It is mainly distributed by spam emails (malspam). [...]
Microsoft’s Latest Security Update Fixes 64 New Flaws, Including a Zero-Day
Microsoft on Tuesday released fixes to eliminate 64 new security flaws across its software lineup, including a zero-day flaw that has been actively exploited in real-world attacks. Of the 64 [...]
Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw
Apple iPhone, iPad, and Mac security update fixes actively exploited zero-day vulnerability, which allows hackers to carry out cyberattacks. Apple iPhone, Mac Security Update Fixes Zero-Day Flaw As per the [...]
Cisco Patches High-Severity Vulnerability in SD-WAN vManage
The patches for a high-severity vulnerability in the binding configuration of SD-WAN vManage software containershas been announced by Cisco. The vulnerability tracked as CVE-2022-20696, the issue exists because of insufficientprotection [...]
Lampion Banking Malware Reappears in WeTransfer Phishing Attacks
Lampion malware operators use the free file-sharing platform WeTransfer to perform phishing attacks. This way, attackers can avoid security alerts since they are tricking users into downloading from a trustworthy service. The malware [...]
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices
A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July [...]
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
A zero-day flaw in a WordPress plugin known as BackupBuddy is being actively exploited, WordPress safety firm Wordfence has disclosed. BackupBuddy The BackupBuddy vulnerability impacts versions 8.5.8.0 through 8.7.4.1 and is under attack [...]
North Korean Lazarus hackers take aim at U.S. energy providers
The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada [...]
Cisco Released Patches for Vulnerabilities Affecting Several Products
Cisco has released updates to address vulnerabilities affecting multiple products. The vulnerability, identified as CVE-2022-28199 (CVSS 8.6), is due to improper error handling in the network stack of DPDK, which enables a remote attacker to cause [...]
The North Face Warns of Major Credential Stuffing Campaign
Outdoor clothing giant The North Face has notified customers that their account may have been compromised, after noticing unusual activity on its website last month. It detected the credential stuffing attack on [...]
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns
The Lazarus Group, a well-known North Korean nation-state actor, has been connected to the MagicRAT remote access trojan. Lazarus Team, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers [...]
New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices
A stealthy new form of malware is targeting Linux systems in attacks that can take full control of infected devices – and it is using this access to install crypto-mining [...]
QNAP Fixes Zero-Day Recently Leveraged by DeadBolt Ransomware
The Taiwanese company QNAP cautions customers about DeadBolt ransomware attacks upon exploiting a zero-day vulnerability in Photo Station. QNAP detected the issue on September 3. In its security bulletin, QNAP explains that the ransomware exploits this [...]
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security
A new Phishing-as-a-Service (PhaaS) named EvilProxy (also known as Moloch) was seen for sale in dark web forums, according to the Resecurity team. What Does EvilProxy Phishing do ? "EvilProxy actors [...]
SharkBot malware found on Google Play Store stealing login info again
The information stealing and banking data-targeting Android malware was found installed with the help of applications masquerading as antivirus or cleaner applications on the official Google Play Store. SharkBot The [...]
Critical RCE Vulnerability in the Atlassian Bitbucket Server and Data Center
A Vulnerability has been discovered in Atlassian Bitbucket Server and Data Center which could allow for remote code execution. Bitbucket is a Git-based source code repository hosting service owned by [...]
Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability
Apple has released a new iOS 12 build for customers using the older models of iPhones, iPads and even iPod. The software update comes with a fix for security vulnerability [...]
New Golang-based ‘Agenda Ransomware’ Can Be Customized For Each Victim
Cybersecurity company Trend Micro is raising the alarm on a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Agenda Ransomware Agenda targets [...]
Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
Google on Tuesday announced it's launching a new bug bounty program that focuses specifically on open-source software. The payouts will range from $100 to $31,337 depending on the severity of the [...]
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers
The danger actor behind the SolarWinds source chain attack has been connected to still a further “extremely specific” publish-exploitation malware that could be utilized to manage persistent accessibility to compromised [...]
Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative [...]
LastPass developer systems hacked to steal source code
Password management firm LastPass was hacked last week, allowing threat actors to steal the company’s source code and proprietary technical information. LastPass Developer It is one of the largest password [...]
Crypto Miners Using Tox P2P Messenger as Command and Control Server
Threat actors have begun to make use of the Tox peer-to-peer on the spot messaging service as a command-and-control methodology, marking a shift from its earlier function as a contact [...]
Hackers Using Fake DDoS Protection Pages to Distribute Malware
Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. WordPress, DDoS, malware Hacked [...]
GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
GitLab released patches where they fixed a critical remote code execution vulnerability. It is labeled CVE-2022-2884 with a CVSS score of 9.9. This critical vulnerability in the GitHub Import API can be exploited by [...]
Meet Borat RAT, a New Unique Triple Threat
Atlanta-based mostly cyber risk intelligence corporation, Cyble found out a new Remote Accessibility Trojan (RAT) malware. RAT Malware RAT malware generally aids cybercriminals achieve total command of a victim’s program, [...]
New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers
Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. Grandoreiro Malware KeyloggingAuto-Updation for newer versions and modulesWeb-Injects and [...]
Apple security updates fix 2 zero-days used to hack iPhones, Macs
Apple has launched emergency safety updates at the moment to repair two zero-day vulnerabilities beforehand exploited by attackers to hack iPhones, iPads, or Macs. Apple has released an emergency security [...]
Windows KB5012170 update causing BitLocker recovery screens, boot issues
Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. During the [...]
Researchers found one-click exploits in Discord and Teams
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Slack and many others, which are used by tens of [...]
Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users
Reports from cybersecurity firms SEKOIA and Trend Micro confirm that a new effort by the Chinese threat actor Lucky Mouse involves using a trojanized version of a cross-platform messaging software to backdoor devices. An [...]
SOVA malware adds ransomware feature to encrypt Android devices
Sova malware adds new features that make it more dangerous to a wider range of Android payment and banking app users. SOVA Malware The Sova Android banking malware first appeared [...]
Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks
Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 a high severity issue in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service attacks. PAN-OS DDOS flaw The root [...]
Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two disadvantages of it Catalog of known vulnerabilities in useciting evidence of active exploitation. Two high-severity issues are related to vulnerabilities in [...]
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
Cisco confirmed today that the Yanluowang ransomware group infiltrated its corporate network in late May and that the actor attempted to blackmail them, threatening to leak stolen files online. Yanluowang [...]
Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers
The first-ever incident possibly linked to the ransomware family known as Maui occurred on April 15, 2021, and targeted an unnamed Japanese housing company. Kaspersky’s disclosure comes a month after [...]
Windows 11 KB5016629 update fixes Start Menu, File Explorer issues
Microsoft has released the Windows 11 KB5016629 cumulative update with security updates, improvements, including fixes for File Explorer and the Start Menu and a new Focus Assist feature. What's new [...]
Microsoft: Exchange ‘Extended Protection’ needed to fully patch new bugs
Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to [...]
CISA warns of Windows and UnRAR flaws exploited in the wild
The U.S. Cybersecurity and Infrastructure Security Agency has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation. CVE-2022-34713 and informally referred to [...]
-
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack GalleryNew IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
Exploitation, IOC's, Linux Malware, malicious cyber actors, Malware, Mobile Security, Security Advisory, Security Update, Targeted Attacks
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
A new IoT botnet malware dubbed RapperBot has been noticed promptly evolving its capabilities because it was 1st discovered in mid-June 2022. RapperBot Malware RapperBot has limited DDoS capabilities, it [...]
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
A new ransomware family called ‘GwisinLocker’ targets South Korean industrial and pharmaceutical companies. GwisinLocker ransomware ReversingLabs researchers discovered a new ransomware family targeting Linux-based systems. The malware, dubbed GwisinLocker was [...]
Critical RCE vulnerability impacts 29 models of DrayTek routers
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. The vulnerability is tracked as CVE-2022-32548 [...]
Russian organizations attacked with new Woody RAT malware
On Wednesday, Hackers attacks Russian organizations with the newly discovered malware, allowing them to take control and steal information from compromised devices remotely. According to Malwarebytes, one of the Russian [...]
VMware Releases Patches for Several New Flaws Affecting Multiple Products
VMware on Tuesday released updates to address 10 security flaws affecting several products that could be used by unauthenticated attackers to perform malicious activities. CVE-2022-31656 to CVE-2022-31665 Issues tracked from [...]
VirusTotal Reveals Most Impersonated Software in Malware Attacks
Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering [...]
Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers
The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. All about GootKit : The Gootkit Access-as-a-Service (AaaS) malware's operators have reemerged with [...]
North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts
A group of North Korean hackers is using a rogue Microsoft Edge or Chrome plugin to track or access user email accounts. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, [...]
Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network
The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. What’s with IPFS and why do attackers use it? IPFS [...]
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities
The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected [...]
-
Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access Gallery
Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access
Compromised, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Tips
Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access
Risk actors are significantly abusing Internet Details Services (IIS) extensions to backdoor servers as a means of establishing a “long lasting persistence mechanism.” Microsoft 365 Defender Research Team released a [...]
Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware
Cybersecurity researchers have reiterated similarities involving the hottest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed store in November 2021. The [...]
Windows 11 now blocks RDP brute-force attacks by default
Recent Windows 11 builds come with the Account Lockout Policy policy enabled by default which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 [...]
Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists
An Israeli spyware outfit turned the actively exploited, but now patched, Google Chrome zero-day issue into a weapon that it deployed to assault Middle Eastern journalists. Candiru Spyware The exploitation [...]
Microsoft Resumes Blocking Office VBA Macros by Default After ‘Temporary Pause’
Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback. Earlier this February, Microsoft [...]
New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
A never ever-in advance of-observed Linux malware has been dubbed a “Swiss Military Knife” for its modular architecture and its functionality to set up rootkits. Lightning Framework This previously undetected [...]
Atlassian fixes critical Confluence hardcoded credentials flaw
Atlassian has patched a crucial hardcoded credentials vulnerability in Confluence Server and Information Heart that would let distant, unauthenticated attackers log into weak, unpatched servers. One of the flaws – CVE-2022-26136 – [...]
Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users
Cybersecurity researchers have taken the wraps off a earlier undocumented spyware focusing on the Apple macOS working technique. The malware, codename CloudMensis by Slovakian cybersecurity company ESET, is said to exclusively use [...]
Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads
State-backed hackers part of Russia's Federation Foreign Intelligence Service (SVR) have started using Google Drive legitimate cloud storage service to evade detection. APT29, also tracked beneath the monikers Cozy Bear, [...]
New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals
Researchers , have published a paper that demonstrates how a hacker could extract data from an otherwise secure system via its SATA cable. The attack uses the SATA cable itself [...]
7 Phases of Incident Response
Incident Response :Sensitive data and confidential information are the new gold in the digital age, and cyber criminals are naturally always in pursuit of this goldmine. To streamline the process [...]
Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise
Netwrix IT asset tracker and compliance auditor, used across more than 11,500 organizations, contains a critical Insecure Object Deserialization vulnerability that could lead to Active Directory domain compromise. Netwrix The firm [...]
Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking
Juniper Networks this week announced the release of patches for more than 30 vulnerabilities across its portfolio, including severe flaws in Contrail Networking and Junos OS. Two advisories describing a total of [...]
New UEFI firmware flaws impact over 70 Lenovo laptop models
The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. Lenovo [...]
Amazon squashes years-old authentication bugs in AWS Kubernetes service
AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could [...]
ChromeLoader: New Stubborn Malware Campaign
A new browser hijacker/adware campaign named ChromeLoader also known as Choziosi Loader and ChromeBack was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands [...]
Microsoft: Windows Autopatch is now generally available
Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. Microsoft Auto Patch Microsoft's new auto patch service It [...]
Checkmate Ransomware Targets QNAP SMB Services
New Checkmate ransomware has been discovered targeting QNAP NAS devices. Although the attacks are still being investigated, it is known that these new ransomware attacks through SMB services are accessible via the internet. QNAP [...]
TrickBot Gang Shifted its Focus on “Systematically” Targeting Ukraine
The operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war. The group is believed to have orchestrated at minimum 6 phishing strategies [...]
Hive Ransomware Upgraded to Rust to Deliver More Sophisticated Encryption
Researchers from Microsoft Security have spotted an upgraded version of the ransomware-as-a-service (RaaS) dubbed Hive. Hive Ransomware Hive was first detected in June 2021, with the data-encrypting software being offered [...]
Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow
A new and entirely undetected Linux threat dubbed Orbit, signally a growing trend of malware attacks towards operating system. Orbit Malware The malware gets its name from one of the [...]
AsyncRAT being distributed to vulnerable MYSQL servers
The ShadowServer foundation has recently released a report showing that there are about 3.6 million MySQL servers exposed to outside. Along with MS-SQL server, MySQL server is one of the [...]
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
Researchers have uncovered a software supply-chain attack involving packages hosted on the Node Package Manager (npm), which is the package manager for the Node.js JavaScript platform. The campaign leveraged malicious [...]
Gitlab patches critical RCE bug in latest security release
Gitlab has patched a critical vulnerability that could allow an attacker to execute code remotely. The security issue, which has been rated as critical, has been discovered in all versions of GitLab, [...]
Microsoft: Raspberry Robin worm already infected hundreds of networks
Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated [...]
Jenkins discloses dozens of zero-day bugs in multiple plugins
The Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open-source automation server. 29 of these bugs are zero-days still waiting to be patched. It is a [...]
AstraLocker 2.0 infects users directly from Word attachments
AstraLocker 2.0 is a ransomware variant belonging to the Babuk family. It recently released its second major release, and according to threat analysts, its operators are involved in rapid attacks that drop [...]
evilnum hackers return in new operation targeting migration orgs
The Evilnum hacking group have been targeting European organisations that are involved in international migration, showing renewed signs of malicious activity within the group. Campaign Details Zscaler’s analysts have discovered [...]
New ZuoRAT malware targets SOHO routers in North America, Europe
A multistage remote access trojan (RAT) named ZuoRAT has been targeting remote workers with the help of small office/ home office (SOHO) routers across North America and Europe since 2020. [...]
Android Malware Called ‘Revive’ Poses as 2FA App For Spain’s BBVA Bank
The 2FA application necessary to access BBVA bank accounts in Spain is impersonated by a new Android banking malware called Revive. Instead of aiming to infect consumers of various financial [...]
Microsoft Exchange bug abused to hack building automation systems
A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access [...]
Critical Security Flaws Identified in CODESYS ICS Automation Software
CODESYS has launched patches to handle as many as 11 safety flaws that, if efficiently exploited, may end in info disclosure and a denial-of-service (DoS) situation, amongst others. The vulnerability [...]
Attackers exploited a zero-day in Mitel VOIP devices to compromise a network
CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization. Mitel VOIP Mitel VOIP devices [...]
Dark Web Profile: Netwalker Ransomware
Many ransomware gangs have attempted and failed to quake the cybersecurity landscape. But some have broken through and even rearranged it with their obfuscatory cyberattack methods. Netwalker ransomware is an example of such a [...]
Malicious Windows ‘LNK’ attacks made easy with new Quantum builder
Malware researchers have noticed a new tool that helps cybercriminals build malicious. LNK files to deliver payloads for the initial stages of an attack. Some of the prevalent malware families [...]
Chinese language hackers use ransomware as decoy for cyber espionage
Two Chinese language hacking teams conducting cyber espionage and stealing mental property from Japanese and western firms are deploying ransomware as a decoy. The use of ransomware in espionage operations [...]
Google patched 14 vulnerabilities with release of chrome 103
Google announced the release of Chrome 103 to the stable channel with patches for a total of 14 vulnerabilities, including nine reported by external researchers. CVE-2022-2156, which is described as [...]
Chinese hackers target script kiddies with info-stealer trojan
Cybersecurity researchers have discovered a new campaign attributed to the chinese "Tropic Trooper" hacking group. Tropic Trooper was previously observed targeting Philippines, Hong Kong and Taiwan; while the two latest [...]
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware
The Ukrainian CERT is warning that russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. This [...]
VMware Spring Cloud Function Dos Vulnerability
In Vmware Spring Cloud Function versions 3.2.5 and older unsupported versions, it is possible for a user who directly interacts with framework provided lookup functionality to cause denial of service [...]
New ToddyCat APT group targets Exchange servers in Asia, Europe
A complicated persistent menace (APT) group dubbed ToddyCat has been focusing on Microsoft Trade servers all through Asia and Europe for greater than a year. Whereas monitoring the group’s exercise, [...]
BRATA Malware Becomes an Advanced Threat
The malicious attacker driving the BRATA banking trojan has upgraded its techniques and added information-stealing features to the malware. Cleafy, an Italian mobile security firm, has followed BRATA activity and [...]
730K WordPress Sites Force-Updated To Patch Critical Plugin Bug
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated this week to a new build that addresses a critical security vulnerability. The [...]
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 -The package com.alibaba:fastjson before [...]
Ransomware Gang Creates Site for Victims to Search for Their Stolen Data
The ALPHV ransomware gang, also known as BlackCat has created a dedicated website that allows the customers and employees of their victims to check if their data was stolen in [...]
Hackers exploit three-year-old Telerik flaws to deploy cobalt strike
The "Blue Mockingbird" group has targeted Telerik UI vulnerabilities to compromise servers. The threat actor installed the Cobalt Strike beacon and mined Monero. The flaw leveraged by the attacker is CVE-2019-18935, a critical severity that [...]
New Hertzbleed side-channel attack affects Intel,AMD CPUs
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling(DVFS). This is [...]
Citrix Releases Security Updates for Application Delivery Management
Citrix has released security updates to address vulnerabilities in application delivery management. An attacker could exploit these vulnerabilities to take control of an affected system. Corruption of the system by [...]
New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials
Zimbra is an enterprise-level email solution, similar to Microsoft Exchange. It comes with mail servers, load balancing features, a powerful web interface, and more. Tracked as CVE-2022-27924 (CVSS score: 7.5), [...]
Hello XD ransomware now drops a backdoor while encrypting
Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an stronger encryption .Instead, it prefers to direct the impacted victim to negotiations through TOX [...]
Emotet Malware is Now Harvesting Credit Card Information from Google Chrome Browser
Google Chrome has been infected with a new type of malware known as Emotet, which steal users' confidential credit card information. Proofpoint security researchers have found that the botnet is now [...]
New Vytal Chrome extension hides location info that your VPN can’t
A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. Many people use VPNs to [...]
Newest Symbiote Malware Affects All Running Processes on Linux Systems
A newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access. The main objective of this malware [...]
10 ways attackers gain access to networks
A joint multi-national cybersecurity advisory has revealed the top ten attackers vectors most exploited by cybercriminals in order to gain access to organisation networks, as well as the techniques they use to [...]
Cuba ransomware returns to extorting victims with updated encryptor
A new binary sampled by Trend Micro included minor additions and changes that make the malware more dangerous. More importantly, though, it shows that the operation is still alive and [...]
This WhatsApp Call Forwarding Trick Allows Hackers To Hijack Your Account
As we all know each WhatsApp account is tied to a phone number, and hackers are calling these phone numbers directly and employing social engineering techniques to trick victims into [...]
Qbot malware now uses windows MSDT Zer0-Day in phishing attacks
In phishing assaults, the Qbot malware now uses the Windows MSDT zero-day. A serious Windows zero-day vulnerability known as Follina is currently being actively exploited in continuing phishing campaigns to [...]
DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
The number of DeadBolt-infected devices is considerably high for a ransomware family that is exclusively targeting NAS devices.The goal of DeadBolt actors is to infect as many victims as possible [...]
LuoYu APT delivers WinDealer malware via man-on-the-side attacks
LuoYu, a Chinese-speaking hacking group, is infecting victims with the WinDealer information stealer that installs backdoors to maintain persistence. The stealer performs man-on-the-side attacks. WinDealer A malicious Windows tool named [...]
Unpatched Atlassian Confluence vulnerability is actively exploited
Researchers found a vulnerability in Atlassian Confluence by conducting an incident response investigation. Atlassian rates the severity level of this vulnerability as critical. Atlassian has issued a security advisory and is working on [...]
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
The CISA is releasing this CSA to warn organizations that malicious cyber actors, likely APT actors, are exploiting VMware vulnerabilities CVE-2022-22954 and CVE-2022-22960 separately. These vulnerabilities affect certain VMware versions [...]
Analysis of the Massive NDSW/NDSX Malware Campaign
The "Parrot TDS" campaign involving more than 16,500 infected websites. such massive infections don't go unnoticed by Sucuri and immediately recognized that the infection in their writeup belonged to the [...]
-
Microsoft Security: Exposing POLONIUM activity and infrastructure targeting Israeli organizations GalleryMicrosoft Security: Exposing POLONIUM activity and infrastructure targeting Israeli organizations
Internet Security, Microsoft, POLONIUM activity, Security Advisory, Security Update, Targeted Attacks
Microsoft Security: Exposing POLONIUM activity and infrastructure targeting Israeli organizations
Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM . The associated indicators and tactics [...]
Conti ransomware targeted Intel firmware for stealthy attacks
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. The ME is an embedded [...]
VMware and F5 BIG-IP flaws are being exploited by EnemyBot
EnemyBot, a botnet derived from many pieces of malware codes, extends its overall reach by rapidly incorporating exploits for previously detected severe vulnerabilities in web servers, content management systems, IoT, [...]
XLoader botnet now uses probability theory to hide its servers
Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware’s [...]
New Microsoft Office Zero-Day Exploit in the Wild
Security researchers recently discovered a new Microsoft Office zero-day flaw(Follina) exploited in PowerShell remote code execution attacks. The new vulnerability, tracked as CVE-2022-30190, would let hackers execute malicious PowerShell commands through [...]
