AI Agents Exploit Zero-Day Vulnerabilities with 53% Success
In a groundbreaking development, researchers at the University of Illinois Urbana-Champaign have demonstrated that teams of AI agents, powered by large language models (LLMs), can successfully exploit...
View ArticleCommand Injection Vulnerability Discovered in PHP: CVE-2024-5585
A high-severity vulnerability (CVE-2024-5585) has been identified in multiple versions of PHP, the widely used server-side scripting language. This flaw, rated 7.7 on the CVSS scale, allows attackers...
View ArticlePHP Vulnerability (CVE-2024-4577) Actively Exploited in TellYouThePass...
The cybersecurity world is on high alert following the discovery of a critical vulnerability (CVE-2024-4577) in PHP, a widely-used scripting language for web development. This vulnerability is...
View ArticleVeeam Patches Critical Security Flaw in Recovery Orchestrator (CVE-2024-29855)
Veeam, a prominent backup and disaster recovery solutions provider, has recently addressed a critical vulnerability (CVE-2024-29855) within its Recovery Orchestrator (VRO) software. This vulnerability,...
View ArticleSchneider Electric Issues Urgent Patches for SAGE RTU Vulnerabilities
Schneider Electric, a global specialist in energy management and automation, has released a critical security patch to address multiple vulnerabilities in its SAGE Remote Terminal Unit (RTU) devices....
View ArticleCritical Security Flaws Discovered in Popular PHP Package Manager
Composer, the widely-used PHP dependency manager, has issued urgent security updates to address two critical vulnerabilities that could allow attackers to execute malicious code on affected systems....
View ArticleNoodle RAT Exposed: A New Backdoor Threat Linked to Chinese-Speaking Groups
Cybersecurity researchers at Trend Micro have unveiled a previously undocumented backdoor malware dubbed “Noodle RAT,” believed to be utilized by Chinese-speaking groups in espionage and cybercrime...
View ArticleUrgent Security Alert: SuiteCRM Users Urged to Patch Multiple Critical...
SuiteCRM, a widely adopted open-source Customer Relationship Management (CRM) platform, has released urgent security patches to address multiple critical vulnerabilities that could expose sensitive...
View ArticleVLC Media Player Patches Two Vulnerabilities: Users Urged to Update Immediately
Videolan, the organization behind the popular VLC media player, has released urgent security updates to address two critical vulnerabilities that could expose users to serious risks. The flaws,...
View ArticleCVE-2024-27801: Critical Vulnerability Discovered in Apple Ecosystem, PoC...
A security researcher has published a proof-of-concept (PoC) exploit code for a CVE-2024-27801 vulnerability affecting multiple Apple platforms, including macOS Sonoma, iOS/iPadOS, and visionOS. This...
View ArticleCVE-2024-26169: Windows Zero-Day Vulnerability Abused by Black Basta Ransomware
In a recent investigation, Symantec’s Threat Hunter Team has identified evidence suggesting that the Black Basta ransomware group may have exploited a previously unknown vulnerability (CVE-2024-26169)...
View ArticleBondnet Threat Actor Still Active, Using Bots as C2 Servers
AhnLab Security Emergency response Center (ASEC) has published a report detailing a significant shift in the tactics employed by the Bondnet threat actor. Traditionally associated with cryptocurrency...
View ArticleAdobe Patches Critical Flaws in Multiple Products, Urging Users to Update
Adobe has released crucial security updates to address multiple critical vulnerabilities across several of its widely-used software products. The patches address flaws that could potentially lead to...
View ArticleSmishing Triad Targets Pakistan with Large-Scale Banking Scam
Cybersecurity firm Resecurity has disclosed a sophisticated smishing campaign targeting customers of major Pakistani mobile carriers. The threat actor group, dubbed “Smishing Triad,” is leveraging...
View ArticleCVE-2024-35213: Critical Vulnerability Discovered in BlackBerry QNX SDP
BlackBerry has issued a critical security advisory for its QNX Software Development Platform (SDP), urging users to promptly patch a severe vulnerability in the SGI Image Codec. This flaw, identified...
View ArticleBeware the Windows Search Scam: Clever Phishing Campaign Exploits User Trust
A new, sophisticated malware campaign is targeting Windows users, leveraging the operating system’s built-in search functionality to deceive and potentially infect victims. This attack, dubbed “Search...
View ArticleCVE-2024-37051: Critical JetBrains Flaw Exposes GitHub Tokens in IntelliJ...
A security researcher has published details and proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-37051) that impacts users of its IntelliJ integrated development environment...
View ArticleCVE-2024-32896: Google Patches Actively Exploited Zero-Day Vulnerability in...
Google has released a critical security update for Pixel devices, addressing a zero-day vulnerability (CVE-2024-32896) that has been actively exploited in the wild. The flaw, classified as a...
View ArticleBrazil’s Cybersecurity Landscape: A Fusion of Global and Local Threats
In a new and comprehensive report, Google’s Threat Analysis Group (TAG) and Mandiant’s frontline intelligence team have detailed the unique and intricate cyber threat landscape facing Brazil. This...
View ArticleJava-Based STR RAT Returns: Keylogging and Credential Theft on the Rise
A recent analysis by security researcher Jacob Malimban at Cofense has revealed a resurgence in activity from the STR RAT malware, a Java-based Remote Access Trojan (RAT) known for its credential theft...
View Article