CISA Adds Apache Flink CVE-2020-17519 Vulnerability to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has raised a critical alarm for users of the Apache Flink framework. A dangerous directory traversal vulnerability (CVE-2020-17519) has been...
View ArticleResearchers Reveals Ikaruz Red Team’s Rising Threat to Philippine Cybersecurity
SentinelOne, a leading cybersecurity firm, has released a comprehensive report detailing the activities of the Ikaruz Red Team (IRT), a hacktivist group increasingly targeting the Philippines with...
View ArticleCVE-2024-5274: Google Patches Zero-Day Vulnerability Actively Exploited in...
Google issued an emergency security update for its Chrome browser Thursday, urgently addressing a zero-day vulnerability (CVE-2024-5274) that threat actors are actively exploiting. The flaw, a...
View ArticleRansomhub’s SCADA Hack: A Wake-Up Call for Industrial Cybersecurity
The cybersecurity landscape is witnessing an alarming trend as ransomware groups increasingly set their sights on industrial control systems (ICS), the digital backbone of essential infrastructure. A...
View ArticleCVE-2024-28064: Critical Flaw Discovered in Totemomail Email Encryption Software
Cybersecurity researchers have uncovered two serious vulnerabilities in Totemomail, a widely used email encryption software now part of Accellion’s Kiteworks platform. These flaws, identified as...
View ArticleCVE-2024-34710: Wiki.js Vulnerability Exposes Users to Potential Account...
Wiki.js, a popular open-source wiki engine, has patched a critical security vulnerability that could have allowed attackers to inject malicious code and potentially compromise user accounts, including...
View ArticleThe Hidden Threat in Man Pages: Kinsing Malware Targets Apache Tomcat Servers
The persistent cyber threat known as Kinsing malware has taken a new and sophisticated approach to its cryptojacking campaign. Tenable Research recently uncovered that the malware is now targeting...
View ArticleCVE-2024-36077: Remote Code Execution Threatens Qlik Sense Users
Qlik, a prominent player in the data analytics space, has issued a critical security advisory warning users of a high-risk vulnerability (CVE-2024-36077) in their Qlik Sense Enterprise for Windows...
View ArticleDNSBomb: New DDoS Attack Explodes DNS Traffic, Threatening Critical Internet...
Researchers from Tsinghua University have unveiled a potent new method for launching distributed denial-of-service (DDoS) attacks, dubbed DNSBomb (CVE-2024-33655). This innovative attack weaponizes DNS...
View ArticleAttackers Exploit Obscure WordPress Plugin to Steal Credit Card Data
Cyber attackers are continually refining their methods to inject malware into websites, and the recent discovery by Sucuri security analyst Ben Martin sheds light on their latest tactics. Researcher...
View ArticleResearchers Detail Critical Vulnerability in AI-as-a-Service Provider Replicate
Recently, the Wiz Research team revealed a critical vulnerability in the AI-as-a-Service provider, Replicate. This vulnerability had the potential to expose millions of private AI models and...
View ArticleCVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information
Security researcher Matthias Gerstner has discovered a critical vulnerability (CVE-2024-5148) in GNOME Remote Desktop versions 46.0 and 46.1, potentially exposing sensitive information and allowing...
View ArticleTransparent Tribe Targets Indian Government and Defense Sectors with Evolving...
The BlackBerry Threat Research and Intelligence Team has revealed a sustained campaign by Pakistani-based cyber espionage group Transparent Tribe (APT36) targeting critical Indian government, defense,...
View ArticleCLOUD#REVERSER: Threat Actors Exploit Legitimate Cloud Services for Stealthy...
Securonix’s Threat Research team has uncovered a novel cyberattack campaign, dubbed CLOUD#REVERSER, that leverages legitimate cloud storage services like Google Drive and Dropbox as a covert...
View ArticleUnfading Sea Haze: A New Cyber Espionage Threat in the South China Sea
Bitdefender Labs has uncovered a previously unknown cyberespionage group, dubbed “Unfading Sea Haze,” responsible for a string of attacks targeting high-level government and military organizations in...
View ArticleCatDDoS-Related Gangs Ramp Up Attacks Exploiting Over 80 Vulnerabilities
A recent report from XLab’s Cyber Threat Insight Analysis (CTIA) system paints a concerning picture of the ever-evolving threat landscape. CatDDoS-related botnets, a family of malware strains derived...
View ArticleVuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738
VuFind, the widely used open-source library discovery platform, has issued an urgent security advisory, disclosing two critical vulnerabilities that could expose libraries and their users to serious...
View ArticleChina’s Cyber Espionage Actors Employ ORB Networks to Evade Detection
Mandiant Intelligence has revealed a concerning trend among China-linked cyber espionage groups: the use of Operational Relay Box (ORB) networks to enhance their espionage capabilities. These ORB...
View ArticlemacOS Under Threat: PoC Exploit for CVE-2024-27842 Allows Kernel-Level Code...
Recently, security researcher Wang Tielei published a proof-of-concept (PoC) exploit codes for a significant privilege escalation vulnerability (CVE-2024-27842) in macOS. The vulnerability has been...
View ArticleGoogle Cloud Report Reveals Accidental Deletion of Customer Data
Google Cloud has publicly addressed an incident in which a misconfiguration during the setup of a Google Cloud VMware Engine (GCVE) private cloud led to the unintended deletion of Australian customer...
View Article