Telegram: The Dark Horse of Website Malware Attacks
Telegram, the messaging platform known for its emphasis on privacy and security, has been revealed as a surprisingly potent tool in the hands of cybercriminals. A new in-depth analysis by Krasimir...
View ArticleCVE-2024-35204: Veritas System Recovery Vulnerability Puts Data at Risk
A recent security advisory from Veritas has unveiled a high-severity vulnerability in their Veritas System Recovery software. Designated as CVE-2024-35204, this vulnerability has been assigned a CVSS...
View ArticleCVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes...
A high-severity security flaw has been discovered in multiple models of Seiko Solutions’ SkyBridge routers, potentially leaving thousands of businesses and individuals vulnerable to cyberattacks. The...
View ArticleBlueDelta: GRU-Linked Cyber Espionage Group Targets Critical European Networks
In a new report, cybersecurity firm Insikt Group has exposed a sophisticated cyber espionage campaign orchestrated by BlueDelta, a threat group with suspected ties to Russia’s GRU military intelligence...
View ArticleCVE-2024-3820 (CVSS 10) in wpDataTables Puts 70,000 WordPress Sites at Risk
A critical security vulnerability has been discovered in wpDataTables, a widely-used WordPress plugin for creating tables and charts. The flaw, tracked as CVE-2024-3820 and rated with a maximum...
View ArticleHugging Face Spaces Platform Hit by Unauthorized Access
Hugging Face, a leading provider of open-source machine learning and AI tools, has disclosed a recent security breach affecting its Spaces platform. The incident, which was detected last week, involved...
View Article13,800+ Check Point Gateways Exposed: 0-Day CVE-2024-24919 Flaw Under Attack
Censys data reveals over 13,800 internet-exposed Check Point gateways, with a significant majority being Quantum Spark Appliances aimed at small and medium-sized businesses, that may be vulnerable to...
View ArticleCVE-2024-29415: Popular Node.js Package ‘node-ip’ Exposes Millions to...
A significant security vulnerability has been uncovered in the widely-used node-ip npm package, which is designed to retrieve a computer’s IPv4 addresses via a simple command-line tool. This package,...
View ArticlePatch Now to Avoid Apache OFBiz Remote Code Execution – CVE-2024-36104
The Apache Software Foundation has issued a critical security patch to address a severe vulnerability in Apache OFBiz, a popular open-source enterprise automation platform. The flaw, tracked as...
View ArticleWave of Attacks on WordPress: Urgent Update for WP Statistics, WP Meta SEO,...
WordPress, the world’s most popular content management system, is facing a wave of targeted attacks exploiting critical vulnerabilities in several plugins. The Fastly Security Research Team has issued...
View ArticleCVE-2024-5404: Critical Vulnerability Found in moneo IIoT Platform
Germany’s CERT@VDE has issued a high-severity security advisory concerning a critical vulnerability in the Moneo IIoT platform developed by ifm electronic GmbH. The platform, which is designed to...
View ArticleExcel File Unleashes Sophisticated Cobalt Strike Cyberattack
FortiGuard Labs has recently unveiled a sophisticated cyberattack that leverages an Excel file embedded with a VBA macro to deploy a DLL file. This multi-stage malware strategy ultimately delivers the...
View ArticleCVE-2024-3584: Critical Path Traversal Flaw Exposes Qdrant Vector Database to...
A critical vulnerability has been uncovered in Qdrant, a popular open-source vector similarity search engine widely used for neural network-based matching and semantic search applications. Tracked as...
View ArticleClearFake Campaign Employs Novel Social Engineering Tactic to Deliver LummaC2...
Recently, the ReliaQuest Threat Research Team has unveiled a new execution technique used in the ongoing ClearFake campaign. This JavaScript framework, previously known for its drive-by downloads and...
View ArticleCVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk
MySQL2, a popular MySQL client library for Node.js with over 2 million monthly downloads, has been found to contain a severe security vulnerability that could leave countless applications at risk....
View ArticlemacOS Root Access Exploit: PoC Code for CVE-2024-27822 Released
A security researcher has published details and proof-of-concept (PoC) code for a macOS CVE-2024-27822 vulnerability that could be exploited to gain root privileges. The security defect was identified...
View ArticleUrgent Security Update for Zyxel NAS Devices: Patches Available for Critical...
Zyxel has released critical security patches for two of its Network Attached Storage (NAS) devices, NAS326 and NAS542, addressing severe vulnerabilities that could allow attackers to execute code...
View ArticleAzure Service Tags Vulnerability Exposes Cloud Services to Potential Attacks
In a recent disclosure, Tenable Research has uncovered a significant vulnerability within Microsoft Azure’s Service Tags functionality. This flaw could enable malicious actors to circumvent firewall...
View ArticleCVE-2024-27348: Apache HugeGraph RCE Vulnerability, PoC Exploit Published
The Apache Software Foundation has issued a critical security advisory warning users of a remote code execution (RCE) vulnerability in its popular graph database, HugeGraph. Tracked as CVE-2024-27348,...
View ArticleTripwire Enterprise Faces Critical Authentication Bypass Flaw (CVE-2024-4332)
Fortra, a leading cybersecurity solutions provider, has issued a security advisory for Tripwire Enterprise, its flagship configuration control solution. The advisory details a critical vulnerability,...
View Article