CosmicBeetleās ScRansom Ransomware: A Growing Threat to European and Asian...
In a significant development tracked by ESET researchers, the threat actor known as CosmicBeetle has intensified its ransomware operations, replacing its previous Scarab ransomware with a custom tool...
View ArticleCVE-2024-45409 (CVSS 10): Critical Ruby-SAML Flaw Leaves User Accounts Exposed
A critical security vulnerability, CVE-2024-45409, has been identified in the Ruby-SAML library, a widely used tool for implementing SAML (Security Assertion Markup Language) authorization on the...
View ArticleGitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9), Urges...
In a recent security advisory, GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The patches address several vulnerabilities,...
View ArticleCVE-2024-8522 & CVE-2024-8529 (CVSS 10): LearnPress SQLi Flaw Leaves 90K+...
Two critical SQL injection vulnerabilities have been discovered in LearnPress, a popular WordPress plugin used to create and manage online courses. The flaws, tracked as CVE-2024-8522 and...
View ArticleCisco Issues Security Advisories: Critical Vulnerabilities Impact Multiple...
Cisco Systems has released a series of urgent security advisories, revealing a total of nine vulnerabilities affecting various products, including Cisco IOS XR Software, Crosswork Network Services...
View ArticleCritical Vulnerabilities in Kakadu JPEG 2000 Library Expose Systems to Remote...
Researchers from the Google Chrome Vulnerability Rewards (CVR) team have identified a series of critical vulnerabilities within the Kakadu image library, a widely deployed software component used for...
View ArticleWhatsUp Gold Under Attack: New RCE Vulnerabilities Exploited
Trend Micro researchers have uncovered a series of remote code execution (RCE) attacks targeting WhatsUp Gold, a popular network monitoring software provided by Progress Software Corporation. The...
View ArticleBeware the New TrickMo Banking Trojan: Enhanced Features, Increased Danger
In a recent report, the Cleafy Threat Intelligence Team uncovered a new variant of the infamous TrickMo banking trojan, which now carries even more dangerous capabilities than its predecessors....
View ArticleFortinet Faces Potential Data Breach, Customer Data at Risk
In a concerning development for cybersecurity giant Fortinet, a potential data breach has come to light, raising alarms about the security of sensitive customer information. The incident reportedly...
View ArticleMassive Android TV Box Infection: Over 1.3 Million Devices Compromised by...
In a startling new report from Doctor Web, experts have uncovered a large-scale malware infection impacting Android-based TV boxes worldwide. The malware, dubbed Android.Vo1d, has infiltrated nearly...
View ArticleTeenager Arrested in Connection to Transport for London Cyber Attack
In a significant development in the ongoing investigation into the Transport for London (TfL) cyber attack, a 17-year-old male has been arrested in Walsall. The United Kingdomās National Crime...
View ArticleCVE-2024-35783 (CVSS 9.4): Critical-Severity Flaw Exposes Siemens Industrial...
Siemens has issued a critical security advisory regarding a remote code execution (RCE) vulnerability in several of its SIMATIC products, including SIMATIC Process Historian, SIMATIC PCS 7, and SIMATIC...
View ArticleCyber Threats Intensify in Mexico: Insights from Mandiant on Espionage and...
A new report from Mandiant revealed the increasing cyber threats faced by Mexico, with a complex mix of global espionage and local cybercrime targeting both users and enterprises. As the... The post...
View ArticleFileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw
In a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access Trojan (RAT), leveraging a benign-looking Excel document as...
View ArticleBeyond HTML: The Hidden Danger of Phishing in HTTP Response Headers
Unit 42 researchers from Palo Alto Networks have uncovered a wave of large-scale phishing campaigns exploiting a lesser-known technique: phishing pages delivered through the HTTP Refresh Response...
View ArticleCrimson Palace Returns: Chinese State-Sponsored Cyber Espionage Operation...
After a brief hiatus, the Crimson Palace operation, a Chinese state-directed cyber espionage campaign, has resurfaced, armed with new tactics and an expanded target list. According to the latest...
View ArticleCVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw
In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and...
View ArticleCybersecurity Alert: Python Libraries Exploited for Malicious Intent
A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light on a concerning trend in the cyber threat landscape. Cybercriminals are increasingly...
View ArticleHackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released
According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected since the CVE-2024-45195 vulnerability in Apache OFBiz was disclosed. These attacks,...
View ArticleCVE-2024-8695 & CVE-2024-8696: Two Critical RCE Flaws Discovered in Docker...
Docker Desktop, the go-to application for containerized application development, has recently been found to harbor two critical security vulnerabilities that could enable remote code execution (RCE)...
View Article