CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!
In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a...
View ArticleMicrosoft Boosts Email Security with General Availability of Inbound SMTP...
Microsoft announced the general availability of Inbound SMTP DANE with DNSSEC for Exchange Online, marking a significant step forward in email security. This powerful feature combines two robust...
View ArticleDetecting Lateral Movement Risks in Microsoft Entra ID’s Cross-Tenant...
In a recent blog post, Lina Lau, founder and hacker at @xintraorg, shed light on the potential risks of Microsoft Entra ID’s cross-tenant synchronization feature, introduced in March 2023. While... The...
View ArticleFrom Gmail to Google Drive: How Evasive Panda Exploits Cloud Services with...
In a recent discovery, ESET researchers unveiled “CloudScout,” a sophisticated cyberespionage toolset employed by the advanced persistent threat (APT) group called Evasive Panda. This China-aligned...
View ArticleUncovering a New Persistence Technique: TypeLib Hijacking with Explorer.exe
A new persistence method has been found by Michael Zhmailo from MTS Innovation Center’s CICADA8 team. This method involves hijacking TypeLib libraries within the Windows Component Object Model (COM)...
View ArticleInterlock Ransomware: New Threat Targets Windows & FreeBSD
A new ransomware group dubbed “Interlock” has emerged, setting its sights on both Windows and FreeBSD operating systems. This multi-platform approach signals a concerning trend in the ransomware...
View ArticleResearcher Exposes Critical Vulnerabilities in Google Cloud
In a recent in-depth analysis, Christophe Tafani-Dereeper, a prominent Cloud Security Researcher at DATADOG, highlights critical vulnerabilities within Google Cloud’s default service accounts that put...
View ArticleOver 6 Million Sites at Risk: Severe Privilege Escalation Flaw CVE-2024-50550...
Rafie Muhammad, a Security Researcher at Patchstack, reveals a severe security vulnerability in the LiteSpeed Cache plugin—a popular WordPress caching plugin with over six million active installations....
View ArticleSophisticated Phishing Campaign Linked to North Korea Targets Apple and Naver...
In a recent report, Hunt researchers uncovered a sophisticated phishing campaign suspected to be linked to North Korean threat actors, primarily targeting users of Naver, South Korea’s largest tech...
View ArticleCVE-2024-48074: RCE Flaw Discovered in DrayTek Vigor2960 Routers, PoC Published
Security researchers have uncovered a critical remote code execution (RCE) vulnerability in DrayTek Vigor2960 routers, a popular choice for businesses requiring a robust VPN solution. The...
View ArticleServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923...
ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now...
View Article14-Year Vulnerability in qBittorrent Leaves Millions Exposed to RCE Attacks
Sharp Security has unveiled a critical vulnerability that has lingered in the popular torrent client qBittorrent for over 14 years, leaving countless users exposed to potential cyberattacks. The flaw,...
View ArticleBackBox Linux 9 “Noble Numbat” Released
The BackBox Team has just unleashed the latest iteration of their popular penetration testing and security auditing platform, BackBox Linux 9, codenamed “Noble Numbat.” This release is packed with...
View ArticleCVE-2024-43383: Critical Flaw in Apache Lucene.NET Exposes Users to Remote...
Developers using Apache Lucene.NET are urged to update their systems immediately following the discovery of a serious security flaw that could allow attackers to remotely execute malicious code. The...
View ArticleCVE-2024-10392 (CVSS 9.8): Popular WordPress AI Plugin Exposed to Critical...
Website owners using the AI Power: Complete AI Pack plugin are urged to update to the latest version immediately to patch a critical vulnerability that could lead to complete site... The post...
View ArticleOperation Magnus Dismantles RedLine and META Infostealer Networks
The U.S. Department of Justice, in collaboration with international law enforcement agencies, has disrupted the operations of RedLine and META, two of the world’s most prevalent “infostealers.” These...
View ArticleSupply Chain Attack on Popular Animation Library Lottie-Player Targets Web3...
In a sophisticated supply chain attack, malicious actors infiltrated the widely-used JavaScript library lottie-player, injecting code that opens a Web3 wallet connection prompt on legitimate websites....
View ArticleCritical Vulnerability in Waitress WSGI Server: CVE-2024-49768 – What You...
The Pylons Project has released a crucial security advisory addressing a vulnerability in the Waitress WSGI server, tracked as CVE-2024-49768. This vulnerability, assigned a CVSS score of 9.1,...
View ArticleNorth Korean Threat Group “Jumpy Pisces” Linked to Play Ransomware Attack
Unit 42, the threat intelligence team at Palo Alto Networks, has uncovered a disturbing new trend in the cybercrime landscape: North Korean state-sponsored hackers are collaborating with ransomware...
View ArticleHikvision Patches Security Flaw in Network Cameras, Preventing Cleartext...
Hikvision, a leading provider of network cameras and surveillance systems, has released firmware updates to address a security vulnerability that could expose users’ Dynamic DNS credentials. The...
View Article