New PostgreSQL Threat: PG_MEM Malware Strikes Databases
A new and insidious threat has emerged, targeting the widely used PostgreSQL database management system. Aqua Nautilus researchers have identified a novel malware strain, named “PG_MEM,” which employs...
View ArticleALBeast Vulnerability Exposes Thousands of AWS Applications to Critical...
A new configuration-based vulnerability, dubbed ALBeast, has been uncovered by Miggo Research, affecting a staggering number of applications relying on AWS Application Load Balancers (ALBs) for...
View ArticleCVE-2024-39717: Versa Networks Director GUI Flaw Under Active Attack, CISA...
In a recent cybersecurity alert, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the active exploitation of a severe vulnerability identified as CVE-2024-39717. This...
View ArticleMoscow Hacker Arrested in Georgia, Faces U.S. Court for Cybercrimes
Deniss Zolotarjovs, a 33-year-old resident of Moscow, has recently been charged with participating in the activities of an international cybercriminal organization. A federal grand jury in Ohio has...
View ArticleCertiK Issues Public Apology to Kraken Over $3M Bug Bounty Incident
The cybersecurity firm CertiK has publicly confirmed its involvement in the incident with the cryptocurrency exchange Kraken, which had earlier accused an unnamed “whitehat research” of stealing $3...
View ArticleQilin Ransomware: Beyond Encryption, a New Threat of Credential Theft
The Qilin ransomware group, already infamous for its “double extortion” tactics, has now added a new strategy to its repertoire: credential harvesting from Google Chrome browsers. A recent...
View ArticlePEAKLIGHT Malware: A New Stealthy Memory-Only Threat Emerges
Cybersecurity researchers at Mandiant have unveiled a sophisticated new memory-only dropper and downloader that’s been silently delivering a variety of malware-as-a-service infostealers, including...
View ArticleShellSweepX: A Precision Tool for Web Shell Detection
In the realm of cybersecurity, the ever-present threat of web shells demands specialized solutions. These malicious scripts, often concealed within legitimate web applications, can provide attackers...
View ArticleCVE-2024-43399: Critical Zip Slip Vulnerability Discovered in Mobile Security...
A serious security flaw has been uncovered in Mobile Security Framework (MobSF), a widely-used open-source tool for mobile app security analysis. The vulnerability, identified as CVE-2024-43399 (CVSS...
View ArticleUser Outcry Forces Google to Resume Chrome Support on Ubuntu 18.04
Google unexpectedly discontinued support for the Chrome browser on the current long-term support operating system, Ubuntu 18.04 LTS “Bionic Beaver,” with the release of Chrome 128. This decision...
View ArticleCyberattack on Magento: Hackers Inject Skimmer, Card Data Stolen
During a recent cyberattack on numerous online stores utilizing the Magento platform, a skimmer was injected into the sites, stealing customers’ payment card data, including the card number, expiration...
View ArticleChina-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399)
At the beginning of 2024, the Chinese group Velvet Ant exploited a patched zero-day vulnerability (CVE-2024-20399, CVSS 6.7) in Cisco switches to gain control over devices and bypass threat...
View ArticleHacking the Hacker: Researcher Found Critical Flaw (CVE-2024-45163) in Mirai...
Security researcher Jacob Masse has exposed a critical vulnerability within the Mirai botnet, the infamous malware that has plagued the Internet of Things (IoT) and server landscapes since 2016....
View ArticleMalicious Browser Extension Hijacks Solana Transactions
Jupiter Research has published the findings of an investigation into an incident in which some users of DeFi applications on the Solana platform lost their funds. The culprit behind the... The post...
View ArticleCheana Stealer Targets VPN Users Across Windows, Linux, and macOS in...
In the ever-evolving landscape of cybersecurity, threat actors are continuously refining their tactics to bypass defenses and exploit unsuspecting users. The latest threat identified by Cyble Research...
View ArticleCritical Flaw Discovered in Popular Python Library Pandas: No Patch Available...
A critical security vulnerability has been identified in the widely-used Python library, pandas, which could expose millions of systems to unauthorized access. The vulnerability, tracked as...
View ArticleWindows Endpoint Security Summit: Microsoft and CrowdStrike Unite to Protect...
Following a significant global outage of Microsoft services caused by an internal CrowdStrike verifier error, which rendered approximately 8.5 million Windows devices unusable, Microsoft has announced...
View ArticleHillstone Networks Addresses Critical RCE Vulnerability in WAF...
Hillstone Networks, a global leader in network security solutions, has released a security advisory addressing a critical vulnerability (CVE-2024-8073) in its Web Application Firewall (WAF) product....
View ArticleARRL Confirms $1 Million Ransom Payment Following May Attack
The American Radio Relay League (ARRL) recently confirmed the payment of a $1 million ransom to restore its systems following a ransomware attack that occurred in May. Upon discovering the... The post...
View ArticleUber Hit with €290 Million GDPR Fine by Dutch DPA
Uber, the renowned ride-hailing service provider, was recently hit with a record-breaking fine of €290 million by the Dutch privacy regulator for failing to comply with EU regulations by...
View Article