Jenkins Script Console used for cryptocurrency mining attacks by hackers
Researchers discovered that attackers can exploit improperly configured Jenkins Script Console for criminal activities like cryptocurrency mining. "Misconfigurations, such as weak authentication settings, expose the '/script' endpoint," noted Trend Micro's [...]
Ghostscript Rendering Platform Flaw Enables Remote Code Execution
A critical vulnerability, CVE-2024-29510, has been discovered in the Ghostscript rendering platform. This format string flaw affects versions up to 10.03.0, allowing attackers to bypass the -dSAFER sandbox and execute [...]
Info-Stealing Malware Posing as Accessibility Tools and Chrome Extensions
The first half of 2024 has witnessed a notable surge in info-stealing malware masquerading as AI tools and Chrome extensions. This trend underscores cybercriminals' growing sophistication and adaptability, leveraging emerging [...]
Orcinius Trojan Targets Users Through Dropbox & Google Docs
A new multi-stage trojan, "Orcinius," exploits Dropbox and Google Docs. It starts with an Excel spreadsheet containing a 'VBA stomping' macro. When executed, this macro hooks into Windows, enabling the [...]
ScreenConnect Remote Access Client Exploited by Hackers to Deploy AsyncRAT
eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated campaign in which threat actors exploit the ScreenConnect remote access client to deliver the AsyncRAT trojan, revealing the evolving tactics of [...]
Get Social