PrestaShop Sites Under Attack via Facebook Module Vulnerability (CVE-2024-36680)
A critical vulnerability in a popular PrestaShop module, “Facebook” (pkfacebook) by Promokit.eu, has been discovered and is being actively exploited by cybercriminals to deploy web skimmers and steal...
View ArticleCVE-2024-28397: js2py Vulnerability Exposes Millions of Python Users to RCE
A critical vulnerability in js2py, a widely-used Python library with over 1 million monthly downloads, has left countless web scrapers and applications exposed to remote code execution (RCE) attacks....
View ArticleOver 30,000 WooCommerce Sites Exposed by Critical Plugin Flaw (CVE-2024-6027)
Over 30,000 WooCommerce-powered online stores may be at risk of a serious data breach due to a critical security flaw in the popular “Themify – WooCommerce Product Filter” plugin. The vulnerability,...
View ArticleANY.RUN Confirms Security Incident Involving Employee Email Compromise
ANY.RUN, a popular malware analysis service, has reported a recent security incident involving a phishing attack that compromised one of its customer accounts. The breach has prompted a swift...
View ArticleSneakyChef Espionage Campaign Targets Governments Across the Globe
A newly identified espionage group dubbed “SneakyChef” has been targeting government agencies in Europe, the Middle East, Asia, and Africa, according to Cisco Talos. The threat actor employs a variety...
View ArticleESET Issues Security Patch for Privilege Escalation Flaw in Windows Products
ESET, a leading cybersecurity provider, has addressed a high-severity vulnerability in its range of Windows security products. The flaw, designated CVE-2024-2003 (CVSS 7.3) and discovered by the Zero...
View ArticleAdsExhaust: New Adware Masquerading as Oculus Installer Wreaks Havoc
In a recent report, the eSentire Threat Response Unit (TRU) has uncovered a sophisticated adware strain dubbed AdsExhaust, cunningly disguised as the Oculus installer application. Discovered in June...
View ArticleRansomHub: A New Ransomware-as-a-Service Threatens Multiple Operating Systems
A new ransomware-as-a-service (RaaS) called RansomHub has emerged, targeting Windows, Linux, and ESXi operating systems. This multi-OS capability makes it a significant threat to a wide range of...
View ArticleCVE-2024-5756 (CVSS 9.8): Critical Icegram Express Flaw Puts 90,000 WordPress...
A critical vulnerability in Icegram Express, a popular email marketing plugin for WordPress with over 90,000 active installations, could put sensitive user data at risk. Tracked as CVE-2024-5756 (CVSS...
View ArticleRafel RAT Malware: A Growing Cybersecurity Threat to Android Devices
Check Point Research has released a comprehensive report detailing the alarming rise of Rafel RAT, an open-source Android malware that has been weaponized by a diverse range of threat actors, from...
View ArticleZyxel NAS Devices Under Attack: CVE-2024-29973 Exploitation Attempts by...
Shadowserver, a leading threat monitoring platform, has raised a red flag regarding the active exploitation of a critical vulnerability in Zyxel NAS devices. The flaw, tracked as CVE-2024-29973 (CVSS...
View ArticleGrimResource: A New Cybersecurity Threat Exploiting Microsoft Management Console
Elastic Security Labs has recently uncovered a novel cyberattack technique dubbed “GrimResource,” which leverages specially crafted MSC files to gain unauthorized code execution within Microsoft...
View ArticleCVE-2024-27815: Apple XNU Kernel Vulnerability Uncovered, PoC Code Released
A security researcher has published details and proof-of-concept (PoC) code for a CVE-2024-27815 vulnerability in the XNU kernel that could be exploited to execute arbitrary code with kernel...
View ArticleChinese State-Sponsored Group RedJuliett Escalates Cyber Espionage Against...
In a concerning development, cybersecurity researchers at Insikt Group have revealed a widespread cyber espionage campaign orchestrated by a Chinese state-sponsored group known as RedJuliett. This...
View ArticleBludit CMS Faces Critical Security Vulnerabilities: RCE and More, No Patch...
Recently, cybersecurity researcher Andreas Pfefferle at Redguard has unearthed five critical security vulnerabilities in Bludit, a popular open-source flat-file content management system (CMS) used by...
View ArticleCVE-2024-29868 in Popular IoT Toolbox StreamPipes Opens Door to Account...
A serious security vulnerability in StreamPipes, a widely-used Industrial Internet of Things (IIoT) data processing platform, has left potentially thousands of users at risk of account hijacking. The...
View ArticleNew North Korean Backdoor ‘Niki’ Targets Aerospace and Defense Sectors
Cybersecurity firm CyberArmor has unveiled a new wave of cyberattacks attributed to North Korean state-sponsored hackers, revealing a sophisticated campaign targeting the aerospace and defense sectors....
View ArticleWyze Cam v3 Urgent Update: Critical Vulnerability Grants Hackers Full Control
Wyze, a popular smart home security company, has issued an urgent firmware update for its Wyze Cam v3 after the discovery of multiple critical vulnerabilities that could allow attackers to take...
View ArticleBreaking News: Widespread WordPress Plugin Compromise in Active Supply Chain...
WordPress, the world’s most popular content management system, is facing a significant security threat in the form of a widespread supply chain attack. Five popular plugins available on the official...
View ArticleResearcher Unveils PoC for Windows Bluetooth Service RCE Vulnerability
Recently, security researcher Miloš published the technical details and proof-of-concept (PoC) exploit code for a high severity vulnerability in the Bluetooth Low Energy library in Windows, designated...
View Article