Ethereum Smart Contracts Enable Evasive C2 in New Supply Chain Attack
A recent report from the Checkmarx Security Research Team reveals a sophisticated supply chain attack targeting the NPM ecosystem. The attack involves a malicious package, jest-fet-mock, which uses...
VEILDrive: A Novel Attack Exploits Microsoft Services for Command & Control
The cybersecurity team at Hunters, AXON, recently uncovered an ongoing threat campaign called VEILDrive that leverages Microsoft services for command and control (C2). Utilizing Microsoft’s SaaS...
Contagious Interview & WageMole: North Korea’s New Cyber Espionage Campaigns
In a recent report, Zscaler ThreatLabz uncovers the creative yet deceptive strategies used by North Korean threat actors to infiltrate Western job markets. Through two interconnected...
New Privilege Escalation Vulnerability in Veritas NetBackup on Windows:...
Veritas has issued a security advisory addressing a significant privilege escalation vulnerability impacting its NetBackup software on Windows systems. This vulnerability, which affects NetBackup’s...
New “CRON#TRAP” Campaign Exploits Emulated Linux Environments to Evade Detection
The Securonix Threat Research team has exposed a sophisticated malware campaign dubbed “CRON#TRAP,” which stages attacks within a lightweight emulated Linux environment. By leveraging legitimate tools...
Cybercriminals Exploit DocuSign API to Send Convincing Phishing Invoices at...
In a sophisticated twist on phishing, cybercriminals are now leveraging DocuSign’s API to send fraudulent invoices that appear alarmingly authentic, according to a new report from Wallarm security...
CVE-2024-42509 (CVSS 9.8): Critical Vulnerability Exposes Aruba Access Points...
HPE Aruba Networking has issued a security advisory warning of multiple critical vulnerabilities affecting Access Points running Instant AOS-8 and AOS-10. The company has released patches addressing...
Bengal Cat Lovers in Australia Targeted by Gootloader Malware
Bengal cat enthusiasts in Australia have become the latest victims of a targeted Gootloader campaign that uses SEO poisoning to spread malware. According to a recent report by Sophos X-Ops,...
Kaspersky Labs Uncovers SteelFox Trojan: 11,000+ Devices Infected
Cybersecurity researchers at Kaspersky Labs uncovered a dangerous new trojan named “SteelFox,” which has been affecting users worldwide by masquerading as popular software activators. The sophisticated...
Ongoing Phishing Attack in LATAM Region
A sophisticated phishing campaign is currently targeting users in the Latin America (LATAM) region. Cybercriminals are employing a multi-layered approach to bypass security measures and deceive victims...
CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager
Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. With a CVSS score of 7.7, this flaw is classified as a high-severity...
CVE-2024-20536: Cisco NDFC Vulnerability Grants Attackers Extensive Control
In a recent security advisory, Cisco disclosed a high-severity SQL injection vulnerability, designated as CVE-2024-20536 (CVSS 8.8), affecting specific versions of its Nexus Dashboard Fabric Controller...
New Rhadamanthys Stealer Rhadamanthys.07 Mimics Copyright Notices to Phish...
Check Point Research recently uncovered a large-scale phishing campaign exploiting a new version of the Rhadamanthys Stealer, dubbed “Rhadamanthys.07.” This sophisticated malware, designed to extract...
Winos4.0 Malware Spread Through Game Apps Targets Education Sector
The advanced Winos4.0 malware framework has been found targeting unsuspecting users through game-related applications, according to a report by FortiGuard Labs. Disguised as innocuous software like...
Apache ZooKeeper Security Alert: Important Flaw Impacts Admin Server...
Apache ZooKeeper, the widely used centralized service for managing configuration and synchronization across distributed applications, has recently issued a security advisory regarding a significant...
Beware Python Developers: Malicious ‘fabrice’ Package Steals AWS Credentials...
In a concerning development for Python developers and cloud administrators, The Socket Research Team has identified a malicious package, fabrice, masquerading as the legitimate and widely used fabric...
CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an updated advisory regarding four security vulnerabilities actively exploited in the wild. These vulnerabilities, now included in...
GodFather Malware Now Targets 500+ Banking and Crypto Apps
The GodFather malware has expanded its scope, now targeting over 500 banking and cryptocurrency applications across various regions worldwide, according to a report by Cyble Research and Intelligence...
CVE-2024-10914 (CVSS 9.2): Command Injection Flaw Threatens 61,000+ D-Link...
A critical vulnerability, CVE-2024-10914, has been identified in D-Link NAS devices, posing a severe risk to over 61,000 systems worldwide. The flaw, a command injection vulnerability in the...
From Fake Updates to Data Exfiltration: Inside Interlock Ransomware’s Operations
Cisco Talos Incident Response (Talos IR) has recently unveiled a concerning new threat in the cybersecurity landscape: Interlock ransomware. This attack, which Talos categorizes as “big-game hunting,”...