GitLab Patches Six Security Flaws, Urges Immediate Update
GitLab, the widely-used code collaboration platform, released a security update today that addresses a half-dozen vulnerabilities across multiple versions of its software. While none of the flaws are...
View ArticleCVE-2024-41827: Expired Tokens Still Active in JetBrains TeamCity, Urgent...
JetBrains TeamCity, a widely used continuous integration and continuous delivery (CI/CD) platform, has been found to contain a high-severity security vulnerability (CVE-2024-41827). This flaw allows...
View ArticleCritical Flaws in Progress Telerik Reporting Tools Put Organizations at Risk...
Progress Software’s widely used Telerik Reporting tools are facing serious security vulnerabilities that could lead to full system compromise, the company warned today. Two flaws, one rated “critical,”...
View ArticleReddit Restricts Search Indexing, Google Gets Exclusive Pass
In a move that’s sending ripples through the tech world, Reddit has implemented a sweeping block on major search engine crawlers, with the notable exception of Google, according to a report from 404...
View ArticleResearchers Uncover Massive Quad7 Botnet Targeting Microsoft 365
Sekoia.io, in collaboration with Intrinsec, conducted an in-depth analysis of the Quad7 (7777) botnet, which utilizes TCP port 7777 on infected routers and carries out brute-force attacks on Microsoft...
View ArticleRed Art Games Hit by Major Cyberattack, Customer Data Exposed
Red Art Games has announced that it has fallen victim to a large-scale cyberattack, resulting in the compromise of numerous customer data. Order processing and returns will be suspended for the next...
View ArticleCritical Vulnerability in Windows Hello for Business Discovered by Researcher
Researcher Yehuda Smirnov has uncovered a critical vulnerability in Microsoft’s Windows Hello for Business (WHfB) authentication system. His discovery calls into question the reliability of biometric...
View ArticleEnhanced Security in Chrome: New Alerts for Suspicious File Downloads
Google Chrome has introduced a new warning system for downloading potentially dangerous, password-protected files. This two-tier warning system for downloads is based on the results of AI malware...
View ArticleServiceNow Exploits Used in Global Reconnaissance Campaign
Resecurity has uncovered a widespread campaign exploiting critical vulnerabilities in ServiceNow, a popular platform for digital workflows. The flaws, identified as CVE-2024-4879, CVE-2024-5217, and...
View ArticleNew Auto Blocker in Samsung OneUI 6.1.1: Blocking APK Sideloading for...
Starting with OneUI 6.1.1, Samsung has implemented a default setting that blocks users from sideloading APK files. This setting is now applied to Samsung’s latest Android devices, even if the...
View ArticleAcronis Cyber Infrastructure Users Urged to Patch Critical Vulnerability...
A critical vulnerability, CVE-2023-45249 (CVSS 9.8), has been discovered in Acronis Cyber Infrastructure (ACI), a popular software-defined infrastructure solution used by numerous organizations for...
View ArticleMalicious Stealer Campaign Exploits Windows SmartScreen Flaw (CVE-2024-21412)
A stealthy cyber campaign is leveraging a critical flaw in Microsoft Windows SmartScreen, the built-in security feature designed to protect users from malicious downloads. This vulnerability, tracked...
View ArticleCritical Flaws in LangChain Expose Millions of AI Apps to Attack
Researchers from Palo Alto Networks have recently detailed two significant security vulnerabilities in LangChain, a widely used open-source generative AI framework boasting nearly 90,000 stars on...
View ArticleFLUXROOT: Phishing Hackers Exploit Serverless Google Cloud
A financially motivated hacker group, codenamed FLUXROOT, has been identified in Latin America, utilizing serverless Google Cloud projects to orchestrate phishing attacks. These assaults aim to steal...
View ArticleHPE Servers Exposed: Critical Vulnerability Demands Urgent Firmware Update
A critical security vulnerability, CVE-2021-38578, has been discovered in a wide range of HPE ProLiant, Alletra, Synergy, Apollo, and Edgeline servers. This vulnerability, rated with a severity score...
View ArticleCVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data...
A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the open-source cloud computing platform’s core component for managing virtual servers. This flaw could allow...
View ArticleOpenAI Introduces SearchGPT Prototype
In May, there were rumors that OpenAI would launch its search engine. However, during the OpenAI Spring Release on May 13th, this search engine was not announced. At that time, Sam Altman stated...
View ArticleInside the Operations of Stargazer Goblin: Unveiling the Malicious Repositories
Check Point has uncovered a network of 3,000 fake accounts on GitHub, actively disseminating malicious programs and phishing links. The activities began at least as early as May of the previous year....
View Article10 Million Users Compromised in Z-Library Phishing Site Hack
On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the...
View ArticleChina Targets U.S. Tech Startups through Investments, NCSC Reveals
The National Counterintelligence and Security Center (NCSC) of the United States has issued a warning to technology startups about the risks associated with foreign investments. According to the NCSC,...
View Article