StrelaStealer Malware Intensifies Attacks on European Email Users, Avoiding...
A renewed wave of cyberattacks orchestrated by the StrelaStealer malware is raising concerns across Europe, with a particular focus on compromising email credentials from popular platforms like Outlook...
View ArticleBeware of Word: Remcos RAT Lurks in Malicious Documents
A new and sophisticated cyber attack campaign has surfaced, leveraging a weaponized Microsoft Word document to deliver the notorious Remcos Remote Access Trojan (RAT). This insidious malware grants...
View ArticleSEOPress Plugin Alert: CVE-2024-5488 Flaw Exposes 300K Sites
A critical vulnerability tracked as CVE-2024-5488 has been discovered in SEOPress, a popular WordPress plugin with over 300,000 active installations. This flaw enables unauthorized users to bypass...
View ArticleCVE-2024-5805: Critical SFTP Authentication Bypass Vulnerability in MOVEit...
A critical vulnerability (CVE-2024-5805) has been identified in the MOVEit Gateway software, exposing organizations to the risk of unauthorized access via SFTP. Progress Software, the developer of...
View ArticleCybercriminals Target Singaporeans: Digital IDs Flood Dark Web
Singapore’s digital landscape is facing a mounting threat as cybercriminals exploit stolen digital identities of its citizens on the Dark Web, according to a recent report by cybersecurity firm...
View ArticleCVE-2024-5806: MOVEit Transfer Vulnerability Under Active Exploit, PoC Published
A critical vulnerability (CVE-2024-5806) in the widely used MOVEit Transfer file transfer software has been disclosed and is already under active exploitation. Progress Software, the developer of...
View ArticlePoC Exploit Published for Windows Kernel Elevation of Privilege Vulnerability...
A security researcher has published a proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2024-30088) in Microsoft Windows. This critical flaw holds a risk severity...
View ArticleWordPress Issues Urgent Security Update to Patch Multiple Vulnerabilities
WordPress, the world’s leading content management system (CMS), has released a critical security update, “WordPress 6.5.5,” to address three significant vulnerabilities that could potentially expose...
View ArticleSpyMax – A New Android RAT Targeting Telegram Users
Cybersecurity researchers at K7 Security Labs have pulled back the curtain on a sophisticated and insidious Android Remote Administration Tool (RAT) they’ve dubbed “SpyMax.” This malicious software,...
View ArticleCritical Vulnerabilities in Progress WhatsUp Gold Demand Immediate Action
Progress Software Corporation has issued a dire warning to all users of its WhatsUp Gold network monitoring software, revealing a series of severe vulnerabilities that could have devastating...
View ArticleCVE-2024-38373: FreeRTOS-Plus-TCP Flaw Exposes Millions of IoT Devices to...
A critical vulnerability (CVE-2024-38373) has been discovered in FreeRTOS-Plus-TCP, a popular TCP/IP stack widely used in Internet of Things (IoT) devices and embedded systems. This high-severity flaw,...
View ArticleCISA Issues Warning on Actively Exploited Flaws in GeoServer, Linux Kernel,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These security flaws, impacting...
View ArticleBeyond Crypto: 8220 Gang Expands Arsenal with k4spreader
Xlab uncovered a new threat emerging from the notorious “8220” mining gang, also known as “Water Sigbin.” This gang, originating from China and active since 2017, has been a persistent menace in the...
View ArticleCVE-2024-5276 (CVSS 9.8): Critical SQLi Flaw in Fortra FileCatalyst Workflow,...
A critical SQL Injection vulnerability (CVE-2024-5276) has been discovered in Fortra FileCatalyst Workflow, a popular enterprise file transfer solution. This vulnerability could allow attackers to...
View ArticleGitLab Releases Critical Updates to Address Multiple Vulnerabilities
GitLab, a leading platform for DevOps lifecycle tools, has announced the release of critical updates for both its Community Edition (CE) and Enterprise Edition (EE). The new versions, 17.1.1, 17.0.3,...
View ArticleCanonical Unveils ‘Everything LTS’: 12-Year Security for Custom Docker Images
Canonical, the company behind Ubuntu, today announced a significant expansion of its Long Term Support (LTS) offering, extending beyond traditional ‘deb’ packages to include a new distroless Docker...
View ArticleDBatLoader: A Malware Distribution via CMD Files
AhnLab Security Intelligence Center (ASEC) has issued a warning regarding the re-emergence of the DBatLoader malware, a notorious downloader known for its historical involvement in phishing campaigns....
View ArticleCritical Vulnerabilities Uncovered in Rockwell Automation’s ThinManager:...
Rockwell Automation, a global leader in industrial automation and digital transformation, has issued a security advisory urging users of its ThinManager software to update to the latest versions...
View ArticleMalicious npm Package Exposes AWS Users to Backdoor
ReversingLabs researchers have uncovered a malicious package named “legacyreact-aws-s3-typescript” on the npm registry. The package, designed to mimic a legitimate tool for uploading files to Amazon S3...
View ArticleAvaya IP Office Users Urged to Patch Critical Flaws (CVE-2024-4196 &...
The Avaya IP Office, a popular telephony system used by businesses worldwide, is facing a critical security threat. Two newly discovered vulnerabilities, CVE-2024-4196 and CVE-2024-4197, have been...
View Article