CVE-2024-10327: Okta Verify for iOS Vulnerability Could Allow Unauthorized...
A newly disclosed vulnerability in Okta Verify for iOS could allow unauthorized access to user accounts, even if the user actively denies the authentication request. The flaw, tracked as...
SolarSys: New Trojan Framework Threatens Brazilian Banking Customers
In a recent report, 360 Security Center revealed a new threat to Brazilian banking customers with the emergence of SolarSys, a Trojan framework designed to steal sensitive data while evading...
CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over...
A critical authentication bypass vulnerability has been discovered in wpDiscuz, a widely used WordPress plugin with over 80,000 active installations. This vulnerability, tracked as CVE-2024-9488 and...
DTLS “ClientHello” Race Condition: A New Threat to WebRTC Security
Enable Security recently released a report detailing a newly discovered vulnerability in WebRTC, the open-standard technology enabling real-time communication between browsers. The vulnerability,...
Cyber-Espionage Campaign Unveiled: Operation Cobalt Whisper Hits Sensitive...
Quick Heal’s SEQRITE Labs has recently uncovered a significant cyber-espionage campaign dubbed Operation Cobalt Whisper, targeting sensitive industries in Pakistan and Hong Kong. The operation,...
Healthcare Under Fire: HeptaX Campaign Steals and Manipulates Sensitive Data
Cyble Research and Intelligence Labs (CRIL) has recently uncovered a covert and sophisticated cyberespionage campaign dubbed “HeptaX,” which exploits Remote Desktop Protocol (RDP) settings to gain...
Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams...
The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta. Known for using email spam to overwhelm users into creating legitimate...
$20 Million Drained and Returned: Government Wallet Under Scrutiny
Last week, a mysterious attack targeted a cryptocurrency wallet under the control of the US government, resulting in the theft of over $20 million. However, by the following morning, the...
Shahid Hemmat Hackers: $10M Reward Offered by US
The US Department of State has announced a reward of up to $10 million for information leading to the identification or location of individuals engaged in malicious cyber activities against...
WhatsUp Gold Users Beware: Critical Authentication Bypass Flaw Exposed –...
Progress Software has disclosed a severe new vulnerability in its popular network monitoring solution, WhatsUp Gold, that exposes organizations to potential cyberattacks by allowing unauthorized access...
Chrome’s App-Bound Encryption Cracked: Open-Source Tool Bypasses Security...
A newly released open-source tool has successfully decrypted keys protected by Chrome’s App-Bound Encryption, raising concerns about the long-term efficacy of this security feature. Google Chrome’s...
Intrinsec Report: China’s Strategic Exploitation of Cybersecurity...
A recent report from Intrinsec, titled “China: Vulnerabilities as a Strategic Resource,” details how China systematically utilizes cybersecurity vulnerabilities as part of a broader national strategy....
Researcher Details CVE-2024-38812 (CVSS 9.8): Critical RCE Flaw in VMware...
The SonicWall Capture Labs Threat Research Team has published an in-depth analysis of CVE-2024-38812, a critical heap-overflow vulnerability found in VMware vCenter Server. This vulnerability affects...
CVE-2022-45157 (CVSS 9.1): Critical Security Flaw in Rancher Exposes vSphere...
The SUSE Rancher Security team has recently issued a high-severity advisory, CVE-2022-45157, warning users of a critical vulnerability affecting Rancher’s handling of vSphere’s Cloud Provider Interface...
Synology Fixes Critical Vulnerabilities in Synology Photos and BeePhotos...
Synology has released security updates to address critical vulnerabilities in Synology Photos and BeePhotos, its photo management applications for network-attached storage (NAS), and personal cloud...
Four REvil Hackers Sentenced: St. Petersburg Court Imposes Years in Penal Colony
REvil ransomware is the direct successor to the hacker operations associated with GandCrab, launching a coordinated attack in July 2021 against over 1,500 enterprises worldwide and seizing vast amounts...
Grafana Vulnerability CVE-2024-9264: PoC Exploit Released for 9.9-Rated...
The researcher published the technical details and proof-of-concept (PoC) exploit code for CVE-2024-9264, a critical vulnerability in Grafana, an open-source, multi-platform analytics, and...
PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567,...
Three critical remote code execution (RCE) vulnerabilities impacting CyberPanel, a widely used web hosting control panel, are under active exploitation. Threat actors are leveraging these...
Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining
In a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim resources and harvest rewards from...
QNAP Patches Critical Zero-Day Exploited at Pwn2Own Ireland 2024 –...
QNAP has swiftly addressed a critical zero-day vulnerability in its HBS 3 Hybrid Backup Sync software, following its successful exploitation at the recent Pwn2Own Ireland 2024 competition. The...