SugarGh0st RAT Targets U.S. Artificial Intelligence Experts
Proofpoint, a leading cybersecurity firm, has uncovered a concerning campaign targeting American organizations and individuals involved in artificial intelligence (AI) research. The campaign, dubbed...
View ArticleCVE-2024-22476 (CVSS 10): Intel’s Critical AI Flaw Leaves Systems Open to Attack
Recently, Intel released 41 security bulletins, addressing over 90 vulnerabilities across its product line, a substantial number. The primary focus of these security flaws lies in the software domain,...
View ArticleIvanti EPMM CVE-2024-22026 Vulnerability: Potential for Full System Takeover,...
Ivanti’s Enterprise Mobility Management Platform (EPMM), a widely used mobile device management solution, has been found to contain a high-severity vulnerability (CVE-2024-22026) that could allow...
View ArticleLog4j Campaign Exploited to Deploy XMRig Cryptominer
The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the notorious Log4j campaign. Initially detected within their honeypot collection, the team promptly initiated an...
View ArticleCVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT...
A new critical-severity security vulnerability, tracked as CVE-2024-22120, has been discovered in Zabbix, the popular open-source IT infrastructure monitoring tool. With a CVSS score of 9.1, this...
View ArticleCritical Security Flaws Uncovered in Popular WordPress eCommerce Theme XStore
A series of critical vulnerabilities have been discovered in the XStore theme and its accompanying XStore Core plugin, both widely used tools for building online stores on the WordPress platform. These...
View ArticleNorth Korean Espionage Group Springtail Unveils New Linux Backdoor in...
Symantec’s Threat Hunter Team has revealed a concerning development in the cyber espionage landscape: the North Korean state-sponsored group Springtail (also known as Kimsuky) has added a new Linux...
View ArticleCritical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit...
Security researcher Amal Murali recently published the technical details and proof-of-concept (PoC) for critical remote code execution (RCE) vulnerability in Git, tracked as CVE-2024-32002 (CVSS 9.1)....
View ArticleLATRODECTUS Malware Loader: Threat Poised to Replace ICEDID
Cybersecurity researchers at Elastic Security Labs have issued a warning about the increasing prominence of LATRODECTUS, a malware loader exhibiting concerning similarities to the notorious ICEDID...
View ArticlePoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability
A proof-of-concept (PoC) exploit code for a recently patched zero-day CVE-2024-4947 vulnerability in Google Chrome has surfaced, making it crucial for users to immediately update their browsers to the...
View ArticleMetamorfo Banking Trojan: A Deep Dive into a Deceptive Malspam Campaign
A new wave of cyberattacks targeting financial institutions has been uncovered, with the notorious Metamorfo banking Trojan at its center. Cybersecurity researchers at Forcepoint have recently detailed...
View ArticleCVE-2024-3368 Vulnerability in All in One SEO Plugin Threatens Millions of...
A security vulnerability has been discovered in All in One SEO (AIOSEO), a widely used WordPress plugin with over 3 million active installations. This vulnerability, designated as CVE-2024-3368,...
View ArticleBeware of Malicious OneNote Files: Phishing Attacks Evolve with Embedded...
A new report from the Unit 42 Incident Response team reveals a disturbing trend in cyber attacks: the increasing use of Microsoft OneNote files to deliver malicious payloads. Analyzing around 6,000...
View ArticleCVE-2024-34359: Critical Vulnerability in AI Integration Package Threatens...
A recent security vulnerability discovered in the popular llama_cpp_python package, used for integrating AI models with Python, has raised concerns about the security of AI platforms and the broader...
View ArticleNew ‘Cuckoo’ Mac Malware Mimics Homebrew, Threatens User Data
Security researchers at Intego have uncovered a new variant of the “Cuckoo” Mac malware, a strain of the notorious Atomic macOS Stealer (AMOS). This latest variant, discovered on May 15th, employs a...
View ArticleUnauthenticated Attackers Can Hijack 400K+ WordPress Sites via Fluent Forms...
Fluent Forms, a popular WordPress plugin with over 400,000 active installations, has been found to contain multiple critical security vulnerabilities, leaving websites at risk of exploitation. The...
View ArticleKeylogger in Microsoft Exchange Server Breaches Government Agencies Worldwide
A recent report from Positive Technologies Expert Security Center (PT ESC) reveals a concerning security breach impacting Microsoft Exchange Servers. The incident response team discovered a...
View ArticleCISA Warns of Actively Exploited Flaws in NextGen Healthcare Mirth Connect...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning to federal agencies and organizations worldwide: two critical security vulnerabilities are currently being...
View ArticleLinguistic Lumberjack (CVE-2024-4323): Critical Vulnerability Shakes Cloud...
A critical memory corruption vulnerability, dubbed Linguistic Lumberjack (CVE-2024-4323), has been uncovered in Fluent Bit, a widely-used open-source logging tool. This discovery by Tenable Research...
View ArticleCVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub...
GitHub, the world’s leading software development platform, has disclosed a critical security vulnerability (CVE-2024-4985) in its self-hosted GitHub Enterprise Server (GHES) product. The vulnerability,...
View Article