Vuls: A Comprehensive Vulnerability Management Solution for Modern IT...
The ever-growing complexity of modern IT infrastructure, coupled with the relentless proliferation of cyber threats, places a substantial burden on system administrators tasked with maintaining a...
View ArticleCVE-2024-38200: Zero-Day Vulnerability in Microsoft Office: A Call for Urgent...
In a recent advisory published on August 8th, Microsoft disclosed a high-severity zero-day vulnerability affecting multiple versions of its Office software suite. The vulnerability tracked as...
View ArticleSeqrite Labs Uncovers New Cronus Ransomware Campaign Utilizing Fake PayPal...
In a recent report, the Seqrite Labs APT-Team has exposed a series of malicious campaigns employing fake PayPal documents to spread a new fileless ransomware variant known as Cronus. This... The post...
View ArticleDark Skippy: New Threat Steals Secret Keys from Signing Devices
A serious security threat called Dark Skippy has emerged in the cryptocurrency world. This method allows malicious actors to extract private keys from transaction signing devices, such as hardware...
View ArticleNew Mac Stealer “AMOS” Poses as Loom Screen Recorder, Targets Crypto Wallets
A sophisticated cybercriminal operation, potentially linked to the mysterious threat group “Crazy Evil,” has set its sights on Mac users, leveraging the popularity of the screen recorder Loom to...
View ArticleNorth Korean Hackers Exploit VPN Vulnerabilities to Breach Networks
Cybercriminal groups supported by the North Korean government, such as Kimsuky (APT43) and Andariel (APT45), have recently escalated cyberattacks on South Korea’s construction and engineering sectors....
View ArticleLoanDepot Cyberattack: $27 Million Fallout
The major American mortgage lender LoanDepot has disclosed the financial repercussions of a January cyberattack. According to the company’s report, the expenses associated with the incident have...
View ArticleSimple Coding Errors Lead to Major Ransomware Takedown
A security researcher averted significant financial losses for six companies that could have fallen victim to cyberattacks. Vangelis Stykas, the Chief Technical Officer of Atropos.ai, uncovered...
View ArticleHacker Leaks 1.4 Billion Tencent Records: Mobile, Email, and QQ IDs Exposed
A threat actor known as “Fenice” has unleashed a staggering 1.4 billion records containing personal information from the tencent.com database. This breach, disclosed on August 11th, involves the...
View ArticlePoC Exploit Releases for Cisco SSM On-Prem Account Takeover (CVE-2024-20419)...
A critical vulnerability, identified as CVE-2024-20419, has been publicly disclosed by security researcher Mohammed Adel, who published a detailed writeup along with proof-of-concept (PoC) exploit...
View ArticleCVE-2024-7589: OpenSSH Pre-Authentication Vulnerability in FreeBSD Exposes...
In a recent security advisory, the FreeBSD Project disclosed a critical vulnerability (CVE-2024-7589) in OpenSSH, the widely-used implementation of the SSH protocol suite. This vulnerability could...
View ArticleCVE-2024-5651: RCE Vulnerability in Fence Agents Exposes Critical...
A high-severity security vulnerability (CVE-2024-5651, CVSS 8.8) has been discovered in fence agents, a vital component of many enterprise storage environments. This flaw could enable remote code...
View ArticleQuickShell Security Flaw Exposes Google Quick Share Users to Remote Attacks
Google’s Quick Share, a popular tool for file sharing across Android, Windows, and Chrome OS devices, has recently come under scrutiny following the discovery of serious security vulnerabilities....
View ArticleGhostWrite: New RISC-V Vulnerability Enables Full Device Takeover
A team of researchers from the CISPA Helmholtz Center for Information Security has disclosed a critical vulnerability, named GhostWrite, affecting T-Head XuanTie C910 and C920 RISC-V CPUs. This...
View ArticleFrom 7,000 to 13,000: The Alarming Growth of the 7777 Botnet
Security researchers from Team Cymru have identified a significant expansion in the activities of the “7777” botnet, first detected in October 2023 and named for its use of TCP port... The post From...
View ArticleSecurity Flaw in PostgreSQL: CVE-2024-7348 Allows Arbitrary SQL Execution
The PostgreSQL project has issued a security advisory, warning users of a serious vulnerability (CVE-2024-7348). The flaw, which carries a CVSS score of 8.8, exposes users to the risk of... The post...
View ArticleAkamai Unveils New VPN Post-Exploitation Techniques: Major Vulnerabilities...
Akamai researchers have exposed a series of vulnerabilities and techniques that could allow threat actors to further escalate their attacks after compromising a Virtual Private Network (VPN) server....
View ArticleCVE-2024-22116 (CVSS 9.9): Critical RCE Vulnerability Found in Zabbix...
Zabbix, a widely-adopted open-source solution for enterprise-level IT infrastructure monitoring, has disclosed a critical security vulnerability that could lead to full system compromise. The...
View ArticleBYOVDLL: New Exploit Bypasses Microsoft’s LSASS Defenses
In July 2022, Microsoft made modifications to its Protected Process Light (PPL) system aimed at mitigating a vulnerability that allowed bypassing the protection of LSASS, a critical process responsible...
View ArticleX Faces GDPR Heat Over AI Training on 60 Million European Users’ Data
European privacy advocacy organization NOYB has recently lodged a complaint with EU regulators against Elon Musk’s social media platform, X/Twitter, accusing it of violating users’ privacy rights. The...
View Article