BadSpace Backdoor: New Malware Threat Infecting High-Ranking Websites
In a recent discovery, cybersecurity researchers have unveiled a sophisticated new backdoor, dubbed “BadSpace,” that poses a significant threat to internet users. First brought to the community’s...
View ArticleNorth Korean Hackers Exploit Old Office Flaw to Deploy Keylogger
AhnLab Security Emergency response Center (ASEC) has disclosed a new cyberespionage campaign attributed to the North Korean state-sponsored group Kimsuky. The group is exploiting a known vulnerability...
View ArticleNew Phishing Technique Exploits Progressive Web Apps for Credible Attacks
A new phishing technique exploiting Progressive Web Apps (PWAs) has been brought to light by cybersecurity researcher Mr.d0x, highlighting a potential vulnerability in this increasingly popular web...
View ArticleAMD Processors Vulnerable to Serious SPI Lock Bypass Flaw (CVE-2022-23829)
A high-severity vulnerability, identified as CVE-2022-23829 (CVSS 8.2), has been discovered in various AMD processors, potentially impacting millions of devices worldwide. The flaw allows malicious...
View ArticleScam Alert: Fake Olympic Ticketing Websites Target Sports Fans
Cybersecurity firm Proofpoint has uncovered a widespread scam targeting eager Olympic fans. Hundreds of fraudulent websites have been identified, falsely claiming to sell tickets to the Paris 2024...
View ArticleCVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit...
Security researchers are raising the alarm as proof-of-concept (PoC) exploit code targeting a recently patched high-severity vulnerability (CVE-2024-26229) in Microsoft Windows has surfaced on GitHub....
View ArticleASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080...
ASUS has released an urgent firmware update to address a critical security vulnerability affecting seven of its router models. The flaw, tracked as CVE-2024-3080 with a CVSS v3.1 score of 9.8, allows...
View ArticleNew Cryptojacking Campaign Targets Exposed Docker APIs
Datadog Security Labs has published a comprehensive analysis of a new cryptojacking campaign that specifically targets publicly exposed Docker Engine hosts. This campaign, suspected to be an evolution...
View ArticleSolarMarker Impersonates Indeed to Spread Malware
Recently, eSentire’s Threat Response Unit (TRU) has uncovered a new campaign by the SolarMarker threat group, which involves the impersonation of the global employment website Indeed. This latest...
View ArticleCVE-2024-3105 (CVSS 9.9) in Woody Code Snippets Plugin Threatens 70,000+...
A critical security vulnerability has been discovered in the Woody Code Snippets plugin for WordPress, a popular tool used by over 70,000 websites to create and manage code snippets. The flaw,...
View ArticleNew Cybercrime Wave: UNC3944 Exploits SaaS Vulnerabilities
Mandiant, a renowned cybersecurity firm, has issued a warning about the evolving tactics of the financially motivated threat group UNC3944. This group, previously associated with ransomware attacks,...
View ArticleLinux Malware DISGOMOJI Targets Indian Officials
Cybersecurity firm Volexity has revealed a new cyber-espionage campaign targeting Indian government entities, employing a custom-built malware dubbed DISGOMOJI. This Linux-based malware, a modified...
View ArticleCritical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers
Taiwan’s CERT has issued a critical security alert regarding a severe vulnerability (CVE-2024-3912) found in multiple ASUS router models. The flaw, discovered by security researcher Carlos Köpke,...
View ArticleD-Link Routers Exposed: Critical Backdoor Vulnerability Discovered...
Taiwan’s CERT (Computer Emergency Response Team) has issued a critical security advisory regarding a high-severity vulnerability (CVE-2024-6045) affecting numerous models of D-Link wireless routers....
View ArticleTA571 and ClearFake Use Social Engineering to Deliver PowerShell Malware
Proofpoint researchers have discovered a sophisticated social engineering technique that leverages clipboard manipulation to deliver malware through PowerShell scripts. This new method has been...
View ArticlePandora FMS Reveals High-Risk Security Flaws Affecting 50,000+ Installations
Pandora FMS, the renowned open-source monitoring application with over 50,000 installations globally, has issued a critical security advisory highlighting multiple vulnerabilities in versions 700...
View ArticleOperation Celestial Force: A Persistent Multi-Component Threat Targeting...
Cisco Talos, the threat intelligence division of Cisco Systems, has published a comprehensive report detailing a long-running cyber espionage campaign dubbed “Operation Celestial Force.” This...
View ArticleXenForo Issues Urgent Security Patch to Thwart Remote Code Execution Threat
Popular forum software platform, XenForo, has released an urgent security patch to address a critical vulnerability that could leave websites open to remote code execution and cross-site scripting...
View ArticleCVE-2024-6047 (CVSS 9.8): Urgent Security Risk for GeoVision Users
Taiwan’s CERT has issued a critical security warning regarding a severe vulnerability (CVE-2024-6047) affecting various end-of-life (EOL) GeoVision devices, including IP cameras, video servers, and...
View ArticleCVE-2024-37902 (CVSS 10): Critical Flaw in Deep Java Library Opens Door to...
A critical vulnerability (CVE-2024-37902) has been discovered in the Deep Java Library (DJL), a widely-used open-source framework for deep learning projects. The flaw allows attackers to overwrite...
View Article