CVE-2024-37079, CVE-2024-37080: Critical VMware vCenter Server...
In a security advisory released today, Broadcom revealed multiple critical vulnerabilities in VMware vCenter Server, the widely used virtualization management platform. The flaws, identified as...
View ArticleTails 6.4 releases: privacy-focused operating system based on Debian Linux
Tails OS, also known as “The Amnesic Incognito Live System,” is a privacy-focused operating system based on Debian Linux. It is designed to protect your online privacy and anonymity by routing all your...
View ArticleMalvertising Campaign Uses Fake Installers to Spread Oyster Backdoor
Rapid7, a cybersecurity firm, has uncovered a recent malvertising campaign using fake software installers to distribute the Oyster backdoor, also known as Broomstick. This sophisticated malware targets...
View Article2FA Bypass and More: Inside ONNX Store, the Phishing Threat to Your Finances
EclecticIQ analysts have recently discovered a sophisticated phishing-as-a-service (PhaaS) platform called ONNX Store, targeting financial institutions worldwide. This platform, believed to be a...
View ArticleQR Code Phishing Attacks Escalate: Sophisticated Campaign Targets Chinese...
A new wave of cybercrime is sweeping across China, exploiting the convenience and widespread use of QR codes. A comprehensive report by Cyble Research and Intelligence Labs (CRIL) has revealed a...
View ArticleCVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to...
Trellix, a prominent cybersecurity provider, has issued urgent patches for two critical vulnerabilities discovered in its Intrusion Prevention System (IPS). The flaws, tracked as CVE-2024-5671 and...
View ArticleNew Undetected Diamorphine Rootkit Targets Linux Systems
Cybersecurity researchers at Avast have unearthed a new and previously undetected variant of the Diamorphine Linux kernel rootkit, a sophisticated piece of malware known for its ability to conceal...
View ArticleCVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive...
A critical vulnerability has been discovered in the Rancher Kubernetes Engine (RKE), a widely used Kubernetes distribution that simplifies the installation and operation of Kubernetes. This...
View ArticleFickle Stealer: A Rust-Based Stealer with Evolving Attack Chains and Flexible...
FortiGuard Labs’ recent report on Fickle Stealer reveals a sophisticated and adaptable cyber threat that warrants closer examination. The malware, crafted in the Rust programming language, showcases a...
View ArticleAWS Under Siege: Attackers Target Vaults, Buckets, and Secrets in Widespread...
DataDog Security Labs has uncovered a concerning campaign targeting Amazon Web Services (AWS) environments, revealing a new wave of malicious activity aimed at compromising valuable cloud resources....
View ArticleChina-Linked UNC3886: Mandiant Reveals Extensive Espionage TTPs
Cybersecurity firm Mandiant has unveiled a comprehensive report detailing the extensive cyber espionage campaign of UNC3886, a suspected Chinese state-sponsored threat actor. The report exposes the...
View ArticleGreyNoise Warns of Active Exploitation Attempts Targeting SolarWinds Serv-U...
On June 5, 2024, SolarWinds issued a critical advisory regarding a newly discovered path-traversal vulnerability in Serv-U, identified as CVE-2024-28995. The vulnerability, found by Hussein Daher,...
View ArticleFortra Warns: Hard-Coded Password Vulnerability in FileCatalyst – CVE-2024-5275
Fortra, the developer of the popular FileCatalyst file transfer solutions, has issued a critical security advisory warning users of a high-severity vulnerability (CVE-2024-5275) in both FileCatalyst...
View ArticleChinese Cyberspies Breach Asian Telecoms in Long-Running Espionage Campaign
Symantec’s Threat Hunter Team has uncovered a long-running and highly sophisticated cyber espionage campaign targeting numerous telecommunications operators in a specific Asian country. The...
View ArticleNobelium Continues to Strike High-Profile Targets
The French National Cybersecurity Agency (ANSSI) has issued a warning about the continued activity of the Nobelium intrusion set, also known as Midnight Blizzard. This group, believed to be linked to...
View ArticleSocGholish Malware: The Silent Threat Lurking in Fake Browser Updates
SocGholish, a sophisticated JavaScript malware framework, has been a persistent threat since its emergence in 2017. Designed to deceive users into downloading and executing malicious files under the...
View ArticlePoC Published for Critical Nvidia Triton Inference Server Vulnerabilities
Cybersecurity researcher Zhiniang Peng published the technical details and proof-of-concept for two serious vulnerabilities in NVIDIA’s widely used Triton Inference Server, potentially exposing...
View ArticleZergeca Botnet Exposed: Advanced Capabilities Beyond DDoS
Cybersecurity researchers at XLab have uncovered a sophisticated new botnet dubbed “Zergeca.” Discovered in May 2024, this Golang-based threat exhibits advanced features beyond typical DDoS...
View ArticleGhostscript Patches Multiple Vulnerabilities, Potential for Arbitrary Code...
Ghostscript, a widely-used open-source software for rendering and converting PostScript and PDF files, has released a critical security update, version 10.03.1. The update addresses five...
View ArticleCosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening...
A newly discovered vulnerability dubbed “CosmicSting” (CVE-2024-34102) has sent shockwaves through the e-commerce world, potentially jeopardizing millions of online stores built on Adobe Commerce and...
View Article