Hadooken Malware: A New Threat to WebLogic Servers
Cybersecurity researchers at Aqua Nautilus have discovered a new Linux malware strain, dubbed “Hadooken,” that is specifically targeting Oracle WebLogic servers. This sophisticated malware employs a...
View ArticleExploit Kits, Cryptominers, Proxyjackers: The New Face of Selenium Grid Abuse
Researchers at Cado Security Labs have uncovered two malicious campaigns that exploit misconfigured instances of Selenium Grid. Once a trusted tool for browser automation and testing, Selenium Grid has...
View ArticleCritical Flaws Found in VICIdial Contact Center Suite: CVE-2024-8503 and...
In a concerning development for call centers using VICIdial, a popular open-source contact center solution, two high-severity security vulnerabilities have been discovered that could lead to severe...
View ArticleTenable Exposes Critical “CloudImposer” Vulnerability in Google Cloud...
A critical vulnerability in Google Cloud Platform (GCP) Composer, discovered by security researchers at Tenable, could have enabled remote code execution on millions of servers, underscoring the...
View ArticleKiosk Mode Attack: New Cyber Threat Steals Browser Credentials
Cybersecurity researchers at OALabs have identified a new attack method actively exploited by cybercriminals to steal user credentials through web browsers. The technique involves tricking victims into...
View ArticleCISA Flags Two Actively Exploited Vulnerabilities: Critical Threats to...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding two actively exploited security flaws to its Known Exploited Vulnerabilities (KEV) catalog, urging...
View ArticleFaraday: Open Source Vulnerability Management Platform
In today’s complex cybersecurity landscape, security teams face the dual challenge of uncovering new vulnerabilities and efficiently managing remediation efforts. Faraday emerges as a powerful...
View Article166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained –...
A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained...
View ArticleZero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered
In a recent analysis, security researcher Mikko Kenttälä exposed a critical zero-click vulnerability chain in macOS, potentially affecting millions of users. This exploit, dubbed the “Zero-Click...
View ArticlePoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability CVE-2024-38080
Security researcher Pwndorei published a detailed analysis alongside a proof-of-concept (PoC) exploit code for a patched zero-day vulnerability in Windows Hyper-V, tracked as CVE-2024-38080. This...
View ArticleCybercriminals Target US-Taiwan Defense Industry Conference with Stealthy...
In a concerning development, Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated cyberattack aimed at individuals associated with the upcoming US-Taiwan Defense Industry...
View ArticleCVE-2024-38812: VMware’s 9.8 Severity Security Nightmare
In a recent security advisory from Broadcom, VMware disclosed a critical vulnerability in its vCenter Server platform that has the potential to impact organizations globally. Identified as...
View ArticleWooCommerce Skimmer Employs Stealthy Tactics to Pilfer Card Data
In a detailed report by Ben Martin, a security analyst at Sucuri, a new and sophisticated credit card skimming technique targeting WooCommerce stores has been uncovered. This novel approach uses... The...
View ArticleUNC2970’s Backdoor Deployed via Trojanized PDF Reader Targets Critical...
Mandiant has unveiled a new wave of cyber-espionage attacks orchestrated by the North Korea-linked group UNC2970. This group has recently employed a sophisticated method to deliver a custom backdoor...
View ArticlePoC Exploit Releases for Unauthenticated RCE CVE-2024-40711 in Veeam Backup &...
In a major revelation for cybersecurity professionals, security researcher Sina Kheirkhah (@SinSinology) of watchTowr has published an analysis and proof-of-concept (PoC) exploit for CVE-2024-40711, a...
View ArticleCybercriminals Exploit CAPTCHA to Deliver Malware: Experts Issue Warning
Security professionals are sounding the alarm about a novel cyberattack vector: the use of counterfeit CAPTCHA tests to distribute malware on Windows devices. Users are urged to exercise increased...
View ArticleCritical Flaws in Red Hat OpenShift: CVE-2024-45496 (CVSS 9.9) &...
Red Hat OpenShift, the industry-leading hybrid cloud platform, known for its robust security features and trusted by over 3,000 customers, including a significant portion of the Global Fortune 500,...
View ArticleGitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10)...
GitLab has issued an urgent security update addressing a critical vulnerability that affects both GitLab Community Edition (CE) and Enterprise Edition (EE). The flaw, identified as CVE-2024-45409,...
View ArticleCISA Warns of Actively Exploited Adobe Flash Player Vulnerabilities
In a move that underscores the persistent threat of legacy software vulnerabilities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four critical Adobe Flash Player flaws to...
View ArticleMicrosoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows
Today, Microsoft Security Response Center (MSRC) updated its security advisory to mark CVE-2024-37985 which was disclosed on 09 July 2024, as a zero-day vulnerability. This flaw has been classified...
View Article