Apple Hits Pause on iPadOS 18 for M4 iPad Pro Amid ‘Bricking’ Fears
In an unexpected turn of events, Apple has pulled the plug on the iPadOS 18 update for its M4 iPad Pro models after a wave of user reports claiming the... The post Apple Hits Pause on iPadOS 18 for M4...
View ArticleLibreOffice Vulnerability (CVE-2024-7788): Exploit of “Repair Mode”...
In a newly disclosed security advisory, The Document Foundation has revealed a high-severity vulnerability (CVE-2024-7788, CVSS 7.8) affecting LibreOffice’s document recovery mechanism. This flaw...
View ArticleChinese Engineer Indicted for Alleged Cyber Espionage Campaign Against US...
A Chinese national, Song Wu, has been indicted on 14 counts of wire fraud and 14 counts of aggravated identity theft, stemming from an alleged multi-year spear phishing campaign to... The post Chinese...
View ArticleCyberattack on Delta Prime: Losses Soar to $6M
The Delta Prime platform fell victim to a cyberattack resulting in the theft of cryptocurrency worth approximately $6 million. Initially, losses were reported at around $4.5 million, but the damage......
View ArticleHackers Exploit Foundation Software, Exposing Sensitive Contractor Data
Recently, the cybersecurity company Huntress reported a new wave of cyberattacks targeting the widely-used Foundation Accounting Software, popular among contractors in the construction industry. Since...
View ArticleCISA Warns of Actively Exploited Apache, Microsoft, and Oracle Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal agencies and organizations worldwide: five newly identified security vulnerabilities are being actively...
View ArticleASUS Joins the Ranks of CVE Numbering Authorities
ASUS has been authorized by the CVE Program as a CVE Numbering Authority (CNA), marking a significant step forward in the company’s mission to integrate security into product design while... The post...
View ArticleCyberattack on Pacific Islands Forum: Chinese Hackers Suspected
The Pacific Islands Forum (PIF) Secretariat was recently targeted in a cyberattack, allegedly perpetrated by Chinese government hackers. This breach, detected in February 2024, compromised sensitive...
View ArticleFBI Warns of PRC-Linked Botnet Targeting Critical Systems, 260,000+ Devices...
A new cybersecurity threat has emerged as U.S. authorities, including the Federal Bureau of Investigation (FBI), Cyber National Mission Force (CNMF), and National Security Agency (NSA), raise alarms...
View ArticleRFC 9620: A Call for Human Rights in Internet Protocols
The Internet Research Task Force (IRTF) has released a new document, RFC 9620, aimed at drawing the attention of protocol and architecture developers to critical human rights issues. The document......
View ArticleNorth Korean Hackers Target Cryptocurrency Developers with Thiefbucket Malware
Jamf Threat Labs has uncovered a series of targeted attacks against individuals in the cryptocurrency industry, aligning with recent FBI warnings about North Korean cyber activity. The attacks employ...
View ArticleThe Safe C++ Extensions Proposal: Strengthening Security in a Complex Ecosystem
In a decisive move to address long-standing memory safety concerns, the C++ community has unveiled the Safe C++ Extensions proposal, marking a crucial moment for the language. After two years... The...
View ArticlePoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently uncovered zero-day vulnerability, CVE-2024-7965, in the V8 JavaScript engine. Analyzed by experts at...
View ArticleNext.js Vulnerability CVE-2024-46982: Cache Poisoning Exploit Threatens...
In the fast-paced world of web development, security is a constant concern, especially for platforms that power high-traffic applications like Next.js. Recently, the Next.js team has disclosed a new...
View ArticleResearchers Detail CVE-2024-38014 0-Day Vulnerability in Windows MSI...
A patched zero-day vulnerability (CVE-2024-38014) affecting Microsoft Windows MSI installers has been discovered and exploited in the wild, according to an analysis by security researcher Michael Baer...
View ArticleSophisticated Cyber Espionage: Earth Baxia Uses CVE-2024-36401 and Cobalt...
In a recent report from Trend Micro, the cyber espionage group Earth Baxia has been identified targeting government organizations in Taiwan and potentially other countries in the Asia-Pacific (APAC)...
View ArticleLinkedIn Sparks Outrage: Using User Data to Train AI Models Without Consent
LinkedIn has been thrust into the spotlight for quietly using user-generated content to train its artificial intelligence (AI) models, a move that has sparked significant backlash among its users....
View ArticleDiscord’s DAVE Protocol: Unbreakable Encryption for Your Calls
Discord has introduced a new encryption protocol, DAVE, designed to ensure complete security for audio and video calls on the platform. Users will now be able to communicate via Discord... The post...
View ArticleBianLian and Rhysida Use Azure for Ransomware Attacks
Security experts from modePUSH recently uncovered that ransomware groups such as BianLian and Rhysida are actively using tools like Microsoft Azure Storage Explorer and AzCopy to exfiltrate data from...
View ArticleStealthy Persistence: Microsoft Entra ID’s Administrative Units Weaponized
In recent research, Datadog Security Labs has shed light on a potential security risk within Microsoft Entra ID (formerly Azure Active Directory), Microsoft’s cloud-based identity and access management...
View Article