Cross Fork Object Reference (CFOR): GitHub’s New Security Vulnerability
Experts at Truffle Security have discovered that data from deleted forks, repositories, and even private repositories on GitHub may remain accessible indefinitely. This issue is not only known to the...
View Article“ConfusedFunction” Flaw Opens Google Cloud Platform to Privilege Escalation...
Cybersecurity researchers have uncovered a privilege escalation vulnerability in the Cloud Functions service on the Google Cloud Platform. This vulnerability, dubbed ConfusedFunction, could allow an...
View ArticleLummaC2 Malware Uses Gaming Platform as C2 Server
Security researchers from AhnLab Security (ASEC) recently identified a new variant of the LummaC2 malware, which utilizes the popular gaming platform Steam as a C2 server. This method significantly...
View Article“TuDoor” Attack: New DNS Vulnerability Threatens Internet Security
Researchers have discovered a new critical vulnerability in the Domain Name System (DNS), which enables a specialized attack termed “TuDoor.” This attack can be used to poison DNS caches, initiate...
View ArticleHackers Leak Sensitive Documents from Major Pentagon IT Contractor, Leidos
Cybercriminals have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT service providers for the U.S. government, Bloomberg reports. According to a source familiar with...
View ArticleFrance Leads International Effort to Eradicate PlugX Trojan from 3,000 Systems
A large-scale operation to remove the PlugX trojan from infected devices has commenced in six countries. This campaign was organized by the French police with the support of Europol and the French...
View ArticleMalicious Emails Bypass Secure Email Gateways, Delivering FormBook Malware
A new wave of cyberattacks has exposed a critical weakness in Secure Email Gateways (SEGs), allowing malicious emails to bypass security filters and deliver dangerous malware payloads. Cofense...
View ArticleSpytech Hacked: Thousands of Devices Exposed in Spyware Maker Breach
Recently, TechCrunch‘s technical specialists uncovered a rather intriguing incident in the IT world. A small Minnesota-based company, Spytech, specializing in spyware production, fell victim to a cyber...
View ArticleCVE-2024-39676: Apache Pinot Flaw Exposes Sensitive Data, Urgent Upgrade Needed
Apache Pinot, a real-time analytics open-source platform for lightning-fast insights, effortless scaling, and cost-effective data-driven decisions, has recently disclosed a serious security...
View ArticleMonoSwap Hacked: Urgent Withdrawal Alert
The popular decentralized cryptocurrency exchange platform MonoSwap recently suffered a cyberattack. The platform’s administration urges users not to add liquidity or participate in farming pools until...
View ArticleFinancial Fallout: CrowdStrike Downtime Leaves $5.4 Billion Hole in Fortune 500
A recent report by Parametrix, a leading cloud monitoring and insurance firm, has revealed the staggering financial fallout of the July 19th CrowdStrike outage. The report estimates that Fortune 500...
View ArticleSpyware Targets MEP Daniel Freund Before EU Elections
German Member of the European Parliament, Daniel Freund, revealed that he was targeted by sophisticated spyware two weeks before the European Parliament elections. Politico provided a detailed account...
View ArticleFrom Cheating to Thievery: EvolvedAim’s Creator Exposed as Malware Distributor
The developer of EvolvedAim, a popular cheat for the game Escape From Tarkov, recently found himself at the center of a major scandal. It was discovered that, alongside his paid subscription cheat, the...
View ArticlePKfail Vulnerability: A New Threat to UEFI Security Unveiled by Binarly...
In a recent and alarming discovery, cybersecurity specialists from Binarly have identified a critical flaw affecting hundreds of UEFI products from 10 prominent suppliers. The vulnerability, dubbed...
View ArticleCVE-2024-40897: Vulnerability in Orc Compiler Opens Door to Code Execution...
Security researchers have disclosed a critical vulnerability (CVE-2024-40897) in the Orc compiler, a widely-used tool for compiling and executing simple data-array programs. The vulnerability, stemming...
View ArticleX (Formerly Twitter) Silently Trains AI on User Data, Sparks Privacy Concerns
X, the social media platform previously known as Twitter, has sparked privacy concerns by enabling a data-sharing feature by default. This feature allows X to share user data, including posts and...
View ArticleBSNL Data Breach: State Telecom Giant Exposed on Hacker Forum
On May 27, a user with the alias “kiberphant0m” on Breach Forums, a site renowned among hackers, offered for sale data allegedly hacked from Bharat Sanchar Nigam Limited (BSNL) for $5000. Bharat...
View ArticleW2 Form Phishing Campaign Delivers Brute Ratel and Latrodectus Malware
Rapid7, a leading cybersecurity firm, has issued a warning about a new phishing campaign targeting individuals seeking W2 tax forms online. The campaign leverages fake IRS websites that appear in Bing...
View ArticlePalo Alto Networks’ AI-Powered Tool Exposes 15 Vulnerabilities in...
Palo Alto Networks is actively developing security technologies leveraging artificial intelligence. In 2023, the company’s researchers created an automated tool for detecting BOLA (Broken Object-Level...
View ArticleAI’s Dark Side: Hackers Harnessing ChatGPT and LLMs for Malicious Attacks
In a concerning trend, cybercriminals are increasingly leveraging Large Language Models (LLMs) like ChatGPT to craft sophisticated and deceptive attacks, according to a recent report from Symantec....
View Article