Critical WhatsUp Gold Vulnerabilities Demand Immediate Action
In a recent security bulletin, Progress Software has announced the discovery of six critical vulnerabilities affecting its popular network monitoring application, WhatsUp Gold. Organizations worldwide...
View ArticleHashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System...
HashiCorp, a leading provider of infrastructure automation software, has issued a critical security advisory concerning a vulnerability in its popular secrets management tool, Vault. The flaw,...
View ArticleCritical Vulnerabilities in Kia’s Dealer Portal Expose Millions of Vehicles...
In a startling revelation that underscores the growing cybersecurity risks in the automotive industry, security researchers have uncovered critical vulnerabilities in Kia’s dealer portal that could...
View ArticleCritical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and CVE-2024-6593
Cybersecurity firm RedTeam Pentesting GmbH has disclosed two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, in WatchGuard’s Authentication Gateway (also known as Single Sign-On Agent) and...
View ArticleSloppyLemming’s Espionage Campaign Targets South Asia
A recent report from Cloudforce One has detailed a cyber espionage campaign orchestrated by a threat actor dubbed SloppyLemming, targeting government, defense, telecommunications, and energy sectors...
View ArticleCVE-2024-43917 (CVSS 9.3): Unpatched SQLi Flaw in TI WooCommerce Wishlist...
A critical security vulnerability has been discovered in the widely-used WordPress plugin, TI WooCommerce Wishlist, potentially exposing over 100,000 websites to malicious attacks. The flaw, tracked as...
View ArticleFake WalletConnect App on Google Play Drains $70K in Crypto
In a recent investigation by Check Point Research (CPR), a sophisticated crypto scam was uncovered, leveraging a fake app impersonating the popular Web3 protocol, WalletConnect, to drain users’...
View ArticleBypassing Security: DCRat Deployed via HTML Smuggling
A recent report from the Netskope team reveals that the modular remote access trojan (RAT), DCRat (also known as Dark Crystal RAT), is being deployed using a relatively new and... The post Bypassing...
View ArticleCVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux
In a significant development for the cybersecurity community, researchers have published technical details and a proof-of-concept (PoC) exploit for a newly identified vulnerability in the Linux kernel,...
View ArticleMultiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates
The PHP project has recently released a security advisory, addressing several vulnerabilities affecting various versions of PHP. These vulnerabilities range from potential log tampering to arbitrary...
View ArticleLeague of Legends Fans Targeted: Beware the Lumma Stealer Lurking in Fake Ads!
As the League of Legends (LoL) World Championship captivates fans worldwide, cybercriminals are seizing the opportunity to distribute malicious software. Bitdefender Labs has uncovered a sophisticated...
View ArticleRhadamanthys Evolves: AI-Powered Crypto Theft with Version 0.7.0
The relentless evolution of malware continues with the latest iteration of Rhadamanthys Stealer, version 0.7.0, which incorporates cutting-edge AI-powered features. Released in mid-2024, this version...
View ArticleCVE-2024-22170 (CVSS 9.2): Western Digital Addresses Critical Flaw in My...
Western Digital has released a security advisory addressing a high-severity vulnerability (CVE-2024-22170) impacting a range of My Cloud devices. The vulnerability, which carries a CVSS score of 9.2,...
View ArticleTransparent Tribe APT Group’s New Arsenal: Mythic Poseidon, Linux, and C2...
A recent report by CYFIRMA sheds light on the infrastructure supporting the activities of the Advanced Persistent Threat (APT) group known as Transparent Tribe, also referred to as APT36. This... The...
View ArticlePLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware...
The Taiwan Computer Emergency Response Team (TWCERT/CC) has released a series of security advisories highlighting critical vulnerabilities affecting various PLANET Technology switch models. These...
View ArticleHadooken & K4Spreader Malware: 8220 Gang’s Latest Cloud Hijacking Tools
The notorious 8220 Gang, a China-based intrusion set first identified in 2018, continues to expand its arsenal with two new malware variants, Hadooken and K4Spreader, both of which were recently... The...
View ArticleKartLANPwn (CVE-2024-45200) Exploits Mario Kart 8 Deluxe LAN Play Feature for...
A serious vulnerability, dubbed KartLANPwn (CVE-2024-45200), has been identified in the wildly popular Nintendo game Mario Kart 8 Deluxe, putting millions of players at risk of remote code execution...
View ArticleWindows Event Logs: A Key to Unmasking Human-Operated Ransomware
Human-operated ransomware represents a particularly insidious challenge, combining sophisticated techniques with manual execution to evade traditional security measures. A new report from the Japan...
View ArticleCISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has once again raised the alarm, adding four new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These...
View ArticleResearcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware
A newly discovered critical vulnerability, CVE-2024-36435, has been uncovered in several Supermicro enterprise products, potentially exposing organizations to significant security risks. Discovered by...
View Article