UAC-0184’s XWorm RAT Campaign Targets Ukraine with Python and DLL Sideloading
The Cyble Research and Intelligence Labs (CRIL) has uncovered a persistent malware campaign specifically targeting Ukrainian individuals and organizations. This campaign, attributed to the threat actor...
PoC Released for Unauthenticated RCE Vulnerability in TP-Link VIGI NVR4032H...
A critical security vulnerability has been discovered in TP-Link’s VIGI NVR4032H network video recorder, a device widely used in professional surveillance systems. This flaw could allow remote...
CVE-2024-2973 (CVSS 10): Juniper Session Smart Router Authentication Bypass...
In a recent cybersecurity advisory, Juniper Networks disclosed a critical vulnerability identified as CVE-2024-2973, which has earned a severity rating of 10 on the CVSS scale. This vulnerability...
Critical Supply Chain Breach: Beware of Trojanized Notezilla, RecentX,...
Rapid7, a prominent cybersecurity firm, has uncovered a sophisticated supply chain attack targeting users of well-known Windows software tools Notezilla, RecentX, and Copywhiz. The attack involves the...
TeamViewer Confirms Cyberattack by Notorious APT Group
TeamViewer, a remote control tool trusted by millions of users globally, has disclosed a significant cyberattack. A sophisticated hacker group identified as APT29, or “Midnight Blizzard,” successfully...
MerkSpy Spyware Campaign Exploits Microsoft Office Flaw
Cybersecurity researchers at FortiGuard Labs have uncovered a sophisticated cyberattack that leverages a known vulnerability in Microsoft Office to deliver a potent spyware payload known as MerkSpy....
CVE-2024-36072 (CVSS 10): Unauthenticated RCE Flaw in CoSoSys Endpoint Protector
CoSoSys, a leading data loss prevention (DLP) solutions provider, has urgently released patches to address four severe vulnerabilities discovered in their Endpoint Protector and Unify products. These...
InnoLoader Malware Evades Detection Posing as Cracked Software
The AhnLab Security Intelligence Center (ASEC) has issued a warning about a new breed of malware that disguises itself as cracked software and legitimate tools. This malware, dubbed “InnoLoader,” is...
Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities
In a move towards greater transparency and security, Microsoft has announced a new practice of assigning Common Vulnerabilities and Exposures (CVE) numbers for significant vulnerabilities found and...
Attackers Leveraging Public Cobalt Strike Profiles to Evade Detection
In a recent report, Unit 42 researchers have revealed a concerning trend: threat actors are increasingly exploiting publicly available Cobalt Strike profiles to mask their malicious activities and...
Critical Vulnerability in WebRTC Media Servers Threatens Real-Time Communication
A critical denial-of-service (DoS) vulnerability has been identified in media servers handling WebRTC’s DTLS-SRTP. This flaw, stemming from a race condition between ICE and DTLS traffic, can disrupt...
Water Sigbin Threat Actor Targets Oracle WebLogic Servers to Deploy XMRig...
Security researchers at Trend Micro have uncovered a sophisticated campaign by the Water Sigbin threat actor, also known as the 8220 Gang, targeting Oracle WebLogic servers to deploy XMRig...
Indirector – High-Precision Branch Target Injection Attacks: A New Threat to...
Researchers at the University of California San Diego have published a groundbreaking paper detailing a new class of security vulnerabilities in Intel’s high-end CPUs. These vulnerabilities, dubbed...
CVE-2024-5261 (CVSS 10): LibreOffice Patches Critical Vulnerability in...
The Document Foundation, the organization behind the popular open-source office suite LibreOffice, has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-5261) in its...
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193)
A security researcher has released proof-of-concept (PoC) exploit code targeting a high-severity vulnerability (CVE-2024-0193) within the Linux kernel. This use-after-free flaw in the netfilter...
Google to Drop Entrust Certificates from Chrome Starting November 2024
In a significant move that underscores the critical nature of digital security, Google has announced that, starting November 1, 2024, Chrome 127 and all subsequent versions will no longer trust newly...
CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’...
The Qualys Threat Research Unit (TRU) has detailed a severe security flaw, dubbed ‘regreSSHion,’ that leaves millions of Linux systems vulnerable to remote code execution. The vulnerability, identified...
CVE-2024-20399: Cisco NX-OS Zero-Day Vulnerability Under Active Attack
A zero-day vulnerability (CVE-2024-20399) has been discovered in Cisco NX-OS Software, the operating system powering a wide range of Cisco’s networking devices. This flaw could allow an attacker with...
North Korean Hackers Target South Korean Academics with New Chrome Extension...
Zscaler ThreatLabz, a leading cybersecurity research team, has uncovered a new cyber espionage campaign by the North Korean state-sponsored hacking group Kimsuky. The group is deploying a malicious...
Critical RCE Vulnerability Discovered in Spotfire Products: CVE-2024-3330...
Cloud Software Group has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-3330) in its popular data visualization and analytics platform, Spotfire. This vulnerability,...