UK Adolescents Plead Guilty in Multi-Million Pound Banking Fraud Scheme
Three UK adolescents have confessed to operating an online service that facilitated large-scale banking fraud by enabling criminals to circumvent multi-factor authentication protocols. The service,...
View ArticleWindows 11 Surpasses Windows 10 as Dominant PC Gaming Platform
In a notable development in the PC gaming landscape, Windows 11 has officially overtaken its predecessor, Windows 10, as the most widely adopted operating system among Steam users. This shift,... The...
View ArticleCVE-2024-38811: Code Execution Vulnerability Discovered in VMware Fusion
A high-severity security vulnerability (CVE-2024-38811, CVSS 8.8) has been identified in VMware Fusion, a popular virtualization software for macOS. The vulnerability, discovered by Mykola Grymalyuk of...
View ArticleInternational Cybercriminal Extradited to Face Charges in $7.5 Million...
Olusegun Samson Adejorin, a Nigerian national, has been extradited from Ghana to the United States. Adejorin faces a slew of federal charges, including wire fraud, aggravated identity theft, and...
View ArticleTravelers Targeted: Booking.com Phishing Scam Unveiled
A new report from OSINTMATTER has detailed a sophisticated phishing campaign targeting Booking.com, a leading online travel reservation platform. The attack involves a multi-phase approach, starting...
View ArticleResearcher Identifies ToddyCat-Inspired APT Attack Leveraging ICMP Backdoor...
Cybersecurity researchers at Kaspersky’s Global Emergency Response Team (GERT) have uncovered a sophisticated attack involving an ICMP backdoor, bearing striking similarities to the tactics used by the...
View ArticleGoogle Patches Actively Exploited Zero-Day in September Android Update
Google’s September 2024 Android security patch addresses 36 vulnerabilities, one of which has already been exploited in active targeted attacks. The zero-day flaw, tracked as CVE-2024-32896 (CVSS score...
View ArticleCISA Issues Alert: Three Actively Exploited Vulnerabilities Demand Immediate...
The Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting their active exploitation in the...
View ArticleRomCom Group’s Underground Ransomware Exploits Microsoft Zero-Day Flaw
FortiGuard Labs found a new ransomware variant, Underground, that has been linked to the Russia-based RomCom group (also known as Storm-0978). This insidious malware encrypts files on victims’ Windows...
View ArticleEmansrepo Stealer: A Multi-Faceted Threat Evolving in Complexity
Cybersecurity researchers at FortiGuard Labs have been tracking the activities of a persistent and adaptable Python-based infostealer dubbed “Emansrepo.” First observed in November 2023, Emansrepo has...
View ArticleCVE-2024-38106: 0-Day Windows Kernel Vulnerability Exploited in the Wild, PoC...
Recently, security researcher Sergey Kornienko from PixiePoint Security published an analysis and proof-of-concept (PoC) exploit for a critical zero-day vulnerability in the Windows Kernel, identified...
View ArticleClearview AI Faces Record €30.5 Million Fine for Privacy Breach
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million on Clearview AI and has ordered the company to cease its violations, warning that failure to... The post Clearview AI...
View ArticleTransport for London Under Cyberattack, Transport Services Remain Unaffected
Transport for London (TfL) has disclosed an ongoing cyberattack targeting its systems. The incident has yet to disrupt the city’s transport services, and TfL assures the public that there is... The...
View ArticleRevival Hijack: A New PyPI Hijacking Technique Threatens Thousands of Packages
The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,” which has put over 22,000 packages at risk of exploitation. Unlike traditional...
View ArticleECDSA Vulnerability in YubiKey: What You Need to Know
In a recent security advisory, Yubico disclosed a moderate vulnerability (CVE-2024-45678) affecting several of its hardware security devices, including the widely-used YubiKey 5 Series, Security Key...
View ArticleNigerian National Receives 5-Year Sentence for Multi-Million Dollar BEC Fraud
The U.S. Department of Justice announced that Franklin Ifeanyichukwu Okwonna, a 34-year-old Nigerian national, has been sentenced to five years and three months in prison for his role in a... The post...
View ArticleWebmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks (CVE-2024-2169)
System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability...
View ArticleWarning: CVE-2024-20469 in Cisco ISE with PoC Code Puts Networks at Risk
A vulnerability, tracked as CVE-2024-20469, has been discovered in Cisco Identity Services Engine (ISE). With a CVSS score of 6.0, this vulnerability allows authenticated, local attackers to elevate...
View ArticleGoffloader: In-Memory Execution, No Disk Required
The security company Praetorian has released GoffLoader, a tool designed to simplify the execution of BOF files and unmanaged Cobalt Strike PE files directly in memory, without writing any files... The...
View ArticleNew KTLVdoor Backdoor Discovered in Multiplatform Intrusion Campaign Linked...
Cybersecurity researchers from Trend Micro have uncovered a new and highly sophisticated multiplatform backdoor dubbed KTLVdoor, linked to the notorious Chinese-speaking threat actor Earth Lusca. The...
View Article