Log4j Exploited Again: New Campaign Targets Vulnerable Systems with...
Despite its discovery over two years ago, the Log4j vulnerability, known as Log4Shell (CVE-2021-44228), continues to pose a significant threat to global cybersecurity. A recent report from Datadog...
Iranian APT GreenCharlie Escalates Threats Against US Political Targets Using...
A recent report from Insikt Group has shed light on the covert operations of GreenCharlie, an Iran-backed Advanced Persistent Threat (APT) group, which has been linked to the targeting of...
CVE-2024-43403: Kanister Vulnerability Opens Door to Cluster-Level Privilege...
A critical vulnerability in the popular data protection workflow management tool, Kanister, has been discovered, potentially allowing attackers to gain full control over Kubernetes clusters. The...
Microsoft Signals End of an Era: Control Panel to be Phased Out
After over a decade of speculation, Microsoft has officially confirmed that the traditional Control Panel, a cornerstone of Windows system management for nearly three decades, is set to be...
DMCA Takedown: Bypass Paywalls Clean Extension Banned for Copyright Infringement
The browser extension Bypass Paywalls Clean (BPC), which allowed users to circumvent paywalls and access content on websites without subscribing, has been blocked along with its 3,879 forks. The...
SolarWinds Web Help Desk Hit by Critical Vulnerability (CVE-2024-28987)
SolarWinds has issued an urgent security advisory for its Web Help Desk (WHD) software, warning of a critical hardcoded credential vulnerability (CVE-2024-28987) that poses a significant risk to...
iOS Text String Bug: A Few Characters Can Crash iPhone
Mysterious codes that can cause system crashes frequently appear in the iOS system. Typically, these enigmatic codes do not pose security concerns, as attackers cannot remotely input these codes on...
PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J...
A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version...
New Phishing Campaign Targets US Government Organizations
Researchers at ANY.RUN have identified a new campaign using Tycoon 2FA phish-kit. This time, attackers are targeting US government organizations with fake Microsoft pages. Tycoon 2FA and Its Latest...
CVE-2024-28000 in LiteSpeed Cache Plugin Actively Exploited: Over 30,000...
A critical security vulnerability in the widely used LiteSpeed Cache plugin for WordPress has come under active exploitation, with over 30,000 attack attempts blocked in just the past 24 hours,... The...
TodoSwift: North Korean Cybercriminals Use Bitcoin Lure to Spread macOS Malware
A signed application known as “TodoTasks” has been discovered to be a sophisticated malware dropper targeting macOS users. Uploaded to VirusTotal on July 24, 2024, this malicious application is...
Escalating Cyber Threats: Q2 2024 Vulnerability Report
The cybersecurity landscape in Q2 2024 was marked by a notable increase in new vulnerabilities and exploitation techniques targeting both applications and operating systems. According to Kaspersky...
McDonald’s Falls Victim to Cyberattack: Instagram Hijacked to Promote Grimace...
In a surprising turn of events, McDonald’s, the global fast-food giant, fell victim to a cyberattack that leveraged the brand’s Instagram account to promote a meme coin called “Grimace.” On...
CVE-2024-38206: SSRF Vulnerability in Microsoft Copilot Studio Exposes...
Tenable Research has discovered a critical server-side request forgery (SSRF) vulnerability in Microsoft’s Copilot Studio, potentially allowing attackers to gain access to sensitive internal resources....
NGate Android Malware Steals NFC Payment Data at ATMs
Researchers from ESET have uncovered a new malicious campaign targeting customers of three Czech banks. The attackers employed a unique malware known as NGate, which transmitted payment card data...
Cybercriminals Mimic Slack in Sophisticated Malvertising Campaign
A recently discovered malvertising campaign targeting Slack users has highlighted the increasingly sophisticated tactics employed by cybercriminals. Security researchers at Malwarebytes Labs have...
SonicWall Issues Urgent Patch for Critical Firewall Vulnerability...
SonicWall, a prominent network security provider, has released a security advisory warning users of a critical vulnerability (CVE-2024-40766) affecting their SonicOS operating system. The...
Critical Vulnerabilities Uncovered in Progress WhatsUp Gold (CVE-2024-6670 &...
The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as...
Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows...
Security researcher ‘Frost’ has released proof-of-concept exploit code for the CVE-2024-38054 vulnerability, escalating concerns over a recently patched Windows security flaw. This high-severity...
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities
Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as...