Channel: do son, Author at Cybersecurity News
Browsing all 1971 articles

PyPI Packages Leak User Data to Telegram Bot, Iraqi Cybercriminals Suspected

Experts at Checkmarx have uncovered PyPI packages containing a malicious script in the “init.py” file that transmits user data to a Telegram bot. The malicious packages, uploaded by a user named...



Cybersecurity Alert: FIN7 Expands Arsenal with New AvNeutralizer Variant

Experts at SentinelLabs have uncovered new evidence that the infamous hacker group FIN7 continues to refine its attack methods and expand its influence in the criminal underworld. According to recent...



Critical Vulnerabilities in NI VeriStand Expose Industrial Systems to Remote...

National Instruments (NI) has issued a critical security advisory warning users of its widely-used real-time testing software, VeriStand, about two severe vulnerabilities that could allow attackers to...


Texas Man Jailed for Running DDoS-for-Hire Website

A US resident has been sentenced to 9 months in prison for creating and managing the Astrostress service, which allowed users to launch powerful DDoS attacks. The defendant was also given a 2-year...


CVE-2024-40075: XXE Vulnerability Found in Laravel v11.x

A significant vulnerability has been identified in Laravel v11.x, the popular PHP web framework renowned for building modern, elegant web applications. This vulnerability, designated as CVE-2024-40075,...



Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover

Docker has issued a security advisory for a critical vulnerability affecting certain versions of Docker Engine. This vulnerability, identified as CVE-2024-41110, has a CVSS score of 10, indicating a...


CISA Warns: Critical Exploits Targeting Microsoft and Twilio Authy Discovered...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two actively exploited vulnerabilities affecting Microsoft Internet Explorer and Twilio Authy, a...


Let’s Encrypt Announces Intent to End OCSP Support: A Move Towards Privacy...

Let’s Encrypt, a leading provider of free SSL/TLS certificates, has announced its intention to discontinue support for the Online Certificate Status Protocol (OCSP) in favor of Certificate Revocation...



CVE-2024-3246: LiteSpeed Cache Plugin Vulnerability Puts Millions of...

A vulnerability was discovered in LiteSpeed Cache (LS Cache), a widely used WordPress plugin installed on over five million sites. The vulnerability, tracked as CVE-2024-3246, allows attackers to...



Linux Users Hit by CrowdStrike Fallout: Kernel Panics Reported

Last Friday, the world experienced an unprecedented outage that disrupted multiple industries, including finance, media, transportation, and logistics. Many domestic users also encountered Windows...


Google Chrome 127 Arrives with Security Patches: What Users Need to Know

Google has rolled out the latest version of its renowned browser, Chrome 127. This release brings a host of improvements, prominently featuring 24 security-related fixes. Available for Windows, macOS,...


Cybercriminals Exploit CrowdStrike Update Incident with New Stealer Malware,...

CrowdStrike, a leading cybersecurity firm, has issued a warning about a new information-stealing malware dubbed “Connecio” that’s being distributed by threat actors using a cunning disguise: a fake...


Swiss Government Goes All-In on Open Source with New Law

After nearly 13 years of deliberation, the Swiss government has finally enacted the Federal Law on the Use of Electronic Means for the Performance of Government Tasks (EMBAG). This law mandates that...



KnowBe4 Exposes North Korean Cyber Espionage: A Fake Employee Unmasked

KnowBe4, a cybersecurity company, has unveiled an attempt to infiltrate its IT system through a fake employee from North Korea. All company data remained secure thanks to the timely actions of the IT...


Record Cyberattack: Suffolk County’s $25.7M Recovery Plan

Suffolk County, New York, has approved an allocation of $25.7 million for recovery efforts following one of the most devastating cyberattacks on a municipality in the United States. On September 8,...



Espionage Group Daggerfly Revamps Toolset, Expands Targets in Wake of Malware...

The notorious espionage group Daggerfly, also known as Evasive Panda and Bronze Highland, has undergone a significant overhaul of its cyber arsenal, likely spurred by the public disclosure of its older...


EV Fast Chargers Vulnerable to Remote Hacking, Study Finds

Engineers at Southwest Research Institute (SwRI), located in Texas, discovered a vulnerability in fast charging stations for electric vehicles that allows hackers to gain unauthorized access and even...



BIND Security Updates: Patch Your DNS Servers Now

The Internet Systems Consortium (ISC), the maintainers of the widely-used BIND Domain Name System (DNS) server software, has released critical security updates to address four high-severity...


HotPage.exe Unmasked: Hidden Malware with Advanced Capabilities

At the end of 2023, researchers stumbled upon an intriguing discovery—a setup file named HotPage.exe. At first glance, this application appeared to be yet another piece of adware. However, deeper...


Siemens SICAM Products Vulnerable to Critical Flaws, Urgent Update Needed

Siemens, a global industrial automation giant, has issued a critical security advisory warning users of multiple SICAM products about serious vulnerabilities that could lead to unauthorized access and...
