Rittal IoT Interface and CMC III Processing Unit Plagued by Critical Security...
Rittal, a leading provider of industrial automation solutions, has addressed multiple vulnerabilities in their IoT Interface and CMC III Processing Unit. Discovered by Johannes Kruchem of SEC Consult...
View Article“ErrorFather” Campaign Drops Undetected Cerberus Android Banking Trojan
A recent report from Cyble Research and Intelligence Labs (CRIL) has unveiled a dangerous new campaign called ErrorFather, which utilizes a previously undetected version of the infamous Cerberus...
View ArticleCVE-2024-9634 (CVSS 9.8): Critical GiveWP Flaw Exposes 100,000+ WordPress...
A critical security vulnerability (CVE-2024-9634) has been discovered and patched in GiveWP, a popular WordPress donation plugin with over 100,000 active installations. The flaw, a PHP Object Injection...
View ArticleSideWinder APT: A Decade of Evolution and Global Expansion
The SideWinder Advanced Persistent Threat (APT) group, also known as T-APT-04 or RattleSnake, has been a relentless actor in the global cyber espionage landscape since its emergence in 2012. Though......
View Article“Command-Jacking”: New Supply Chain Attack Hijacks CLI Tools
In a report by Yehuda Gelb and Elad Rapoport from the Checkmarx Security Research Team, a new supply chain attack technique has been uncovered that could compromise the integrity of... The post...
View ArticleLinux Systems Vulnerable to New ‘noexec’ Bypass Technique: Arbitrary Code...
Security researchers have unveiled a novel technique that allows attackers to bypass the ‘noexec’ flag in Linux systems, potentially enabling the execution of malicious code even on partitions...
View ArticleCVE-2024-9486 (CVSS 9.8): Kubernetes Image Builder Flaw Exposes VMs to Root...
The Kubernetes Security Response Committee has disclosed two security vulnerabilities (CVE-2024-9486 and CVE-2024-9594) in the Kubernetes Image Builder that could allow attackers to gain root access to...
View ArticleHORUS Protector: The New Undetectable Malware Crypter Threatening Cybersecurity
In a recent discovery by the SonicWall Capture Labs threat research team, a new malware crypter known as “HORUS Protector” has emerged, presenting a significant threat to cybersecurity defenses....
View ArticleNorth Korean IT Worker Schemes Evolve: From Salary Scams to Cyber Extortion
A new report from Secureworks® Counter Threat Unit™ (CTU) researchers has revealed a disturbing escalation in the tactics used by North Korean government-linked actors who fraudulently secure IT jobs...
View ArticleSpring Framework Vulnerability CVE-2024-38819: Path Traversal Risk in Web Apps
A newly disclosed path traversal vulnerability, tracked as CVE-2024-38819, has been found in the widely used Spring Framework. This vulnerability, which has been assigned a CVSS score of 7.5, poses......
View ArticleFrom Windows to Linux to ESXi: The Cicada3301 Ransomware Hits Them All
A sophisticated ransomware group, Cicada3301, has rapidly risen to prominence in the cybercrime landscape, targeting critical infrastructure sectors across the globe. First identified in June 2024, the...
View ArticleF5 BIG-IP Vulnerability (CVE-2024-45844): Access Control Bypass Risk, PoC...
A critical vulnerability has been identified in F5 BIG-IP, a popular network traffic management and security solution. The vulnerability, tracked as CVE-2024-45844 and assigned a CVSSv4 score of 8.6...
View ArticleUAT-5647 Unleashes RomCom Malware in Attacks on Ukraine and Poland
In a sophisticated and persistent cyber campaign, the UAT-5647 threat actor group, known for its ties to Russian-speaking adversaries, has launched a series of targeted attacks against Ukrainian...
View ArticleSolarWinds Web Help Desk Hit With Critical RCE Flaw (CVE-2024-28988, CVSS 9.8)
SolarWinds, a major provider of IT management software, has issued a security advisory addressing a severe vulnerability in its Web Help Desk (WHD) platform. The vulnerability, tracked as...
View ArticlePatch Now! Grafana Hit by 9.9 Severity RCE Vulnerability (CVE-2024-9264)
A critical security vulnerability (CVE-2024-9264) has been discovered in Grafana, the popular open-source platform for monitoring and observability. This vulnerability, with a CVSS v3.1 score of 9.9,...
View ArticleCybercriminal Arrested in Connection with SEC X Account Hack That Manipulated...
The U.S. Department of Justice announced the arrest of Eric Council Jr., a 25-year-old from Athens, Alabama, for his alleged role in a cyberattack that rocked the cryptocurrency market earlier... The...
View ArticleCritical Vulnerabilities in Bitdefender Total Security Expose Users to...
Bitdefender, a leading global cybersecurity technology company, has issued an urgent advisory regarding three critical vulnerabilities discovered in the HTTPS scanning feature of its Total Security...
View ArticleHikvision HikCentral Master Lite and Professional Affected by Multi...
Hikvision, a leading provider of AIoT and video surveillance solutions, has disclosed three vulnerabilities affecting its HikCentral Master Lite and HikCentral Professional software. These flaws could...
View ArticleInfostealers Use Telegram Bots for Data Exfiltration, Exploiting a Growing...
Cybercriminals are increasingly leveraging Telegram as a platform not only for communication but also as a server for exfiltrating sensitive data stolen by infostealer malware. According to a recent...
View ArticleCVE-2024-48914 (CVSS 9.1): Critical File Read Flaw Discovered in Vendure...
Vendure, a popular open-source headless commerce platform, has patched a critical security vulnerability that could allow attackers to read arbitrary files from the server, potentially exposing...
View Article