EMERALDWHALE Operation Exposes Over 15,000 Cloud Credentials in Widespread...
The Sysdig Threat Research Team (TRT) has uncovered a global operation, EMERALDWHALE, that has led to the theft of over 15,000 cloud credentials by exploiting exposed Git configuration files. The...
CVE-2024-9632: 18-Year-Old Bug in X.Org Server Leaves Systems Vulnerable to...
A high-severity vulnerability was found in the X.Org Server, the popular display server for Linux and other Unix-like operating systems. Tracked as CVE-2024-9632, this flaw has been lurking in the...
FakeCall Malware: Sophisticated Vishing Attack Targets Mobile Users in...
The zLabs team at Zimperium has issued an alert on a new variant of the FakeCall malware, a vishing (voice phishing) threat that targets mobile banking users through fraudulent phone...
Cryptocurrency Users Targeted by Invasive New Malware Campaign
In a concerning development, cryptocurrency enthusiasts are facing a new and highly invasive malware campaign aimed at draining their wallets and stealing sensitive data. Security researcher Yehuda...
Iranian Cyber Group Emennet Pasargad’s Expanding Operations Targeting Global...
A joint cybersecurity advisory from the FBI, U.S. Department of Treasury, and Israel National Cyber Directorate has revealed new tactics employed by the Iranian cyber group Emennet Pasargad (operating...
PoC Exploit Releases for Critical Flaw in Synology TC500 and BC500 Camera to...
Synacktiv’s cybersecurity researcher Baptiste MOINE has uncovered a critical format string vulnerability in the Synology TC500 security camera, running on an ARM 32-bit architecture. This flaw,...
CVE-2024-38094 Exploited: Attackers Gain Domain Access via Microsoft...
A recent report from Rapid7’s Incident Response team reveals a serious compromise of a Microsoft SharePoint server that enabled an attacker to gain entire domain access, impacting critical systems...
PythonRatLoader: The Malware Loader That’s Turning Phishing Into a...
A recent report by Adam Martin and Kian Buckley Maher from the Cofense Phishing Defense Center (PDC) has revealed a sophisticated malware loader, PythonRatLoader, that is being used to distribute...
LUNAR SPIDER Resurfaces: Financial Sector Targeted in Latest Malvertising...
The EclecticIQ Threat Research Team recently unveiled a new malvertising campaign linked to the notorious LUNAR SPIDER group, a Russian-speaking, financially motivated cybercriminal organization known...
PoC Exploit Releases for Spring WebFlux Authorization Bypass – CVE-2024-38821
The researcher published the technical details and a proof-of-concept (PoC) exploit for CVE-2024-38821 (CVSS 9.1). This vulnerability, affecting versions of Spring WebFlux, allows attackers to access...
KDE Sets Sights on New Horizons with “Project Banana” Linux Distro
The KDE community, renowned for its innovative and user-friendly Plasma desktop environment, has dropped an announcement at this year’s Akademy conference: the development of a fully-fledged,...
CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC...
A recently discovered cross-site scripting (XSS) vulnerability in pfSense v2.5.2 has been identified, posing a significant security risk that could allow attackers to execute arbitrary web scripts or...
QNAP Patches Zero-Day Flaw CVE-2024-50389 in QuRouter Following Pwn2Own...
Taiwanese tech giant QNAP has moved quickly to address a critical zero-day vulnerability in its QuRouter network security appliance, exploited by security researchers during the recent Pwn2Own hacking...
U.S. Soccer Federation Discloses Data Security Incident
The U.S. Soccer Federation has announced a data security incident that may have exposed the personal information of some fans and employees. On October 29, 2024, the organization issued a...
Beware of chalk-node: Malicious Package Steals Developer Data
A new threat lurking in the npm repository is exploiting the common typosquatting technique to trick developers into installing malware designed to siphon off sensitive data. Security researchers at...
Critical Vulnerabilities Found in Rockwell Automation FactoryTalk ThinManager
Rockwell Automation recently disclosed critical vulnerabilities in their FactoryTalk ThinManager product, which could have serious implications for industrial automation systems. Two main...
Obfuscated JavaScript and WebDAV: Strela Stealer’s New Tools for Credential...
A recent report from Cyble Research and Intelligence Labs (CRIL) highlights a sophisticated phishing campaign deploying Strela Stealer, a malware designed to exfiltrate sensitive data from compromised...
ZoneMinder’s CVE-2024-51482: A 10/10 Severity Vulnerability Exposes SQL...
A newly identified security vulnerability in ZoneMinder, a popular open-source video surveillance platform, could allow attackers to gain control over SQL databases, compromising data confidentiality...
Storm-0940 and CovertNetwork-1658: Insights into Chinese Cyberattack...
In recent findings, Microsoft Threat Intelligence has identified a concerning escalation in the activity of a Chinese state-affiliated threat actor, Storm-0940. This group, active since at least 2021,...
Beyond Keylogging: HookBot’s Advanced Techniques for Data Theft
Netcraft’s latest research details HookBot, a sophisticated Android-based banking Trojan that’s steadily advancing its footprint in the cybercrime world. First identified in 2023, HookBot has rapidly...