CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites
A critical vulnerability, tagged as CVE-2024-10470, has been identified in WPLMS, a WordPress premium theme widely used for online course management. Security researcher István Márton at Wordfence...
Scattered Spider Spins a New Web: Detecting 0ktapus Phishing Domains
The prolific 0ktapus, also known as Scattered Spider and Starfraud, continues to evolve in its approach to phishing attacks targeting cloud-based environments. Wiz Research’s latest report sheds light...
Roblox Developers Targeted in Supply Chain Attack with Malicious npm Packages
Socket’s threat research team recently uncovered a new attack targeting the Roblox developer community. Threat actors distributed five malicious npm packages, including node-dlls, ro.dll, and...
BlueNoroff’s New MacOS Threat: “Hidden Risk” Targets Crypto Enthusiasts
In a disturbing revelation from SentinelLabs, North Korean-affiliated threat actors, suspected to be linked to the notorious BlueNoroff APT, are actively targeting cryptocurrency businesses and macOS...
Silent Skimmer Reemerges: New Tactics Target Payment Gateways
Unit 42 researchers have detected renewed activity from a notorious financially motivated threat actor known as Silent Skimmer. This cybercriminal group, first identified in 2023, had seemingly faded...
Fickle Stealer: The New Rust-Based Malware Masquerading as GitHub Desktop
In a recent report by Trellix researchers Mallikarjun Wali and Sangram Mohapatro, a new Rust-based malware called Fickle Stealer has surfaced, posing a significant threat to cybersecurity. Fickle...
Researcher Uncovers New Phishing Campaign Deploying Remcos RAT with Advanced...
Fortinet’s FortiGuard Labs has identified a sophisticated phishing campaign leveraging a new variant of Remcos RAT (Remote Administration Tool). This campaign starts with a phishing email containing a...
RedLine Stealer Analysis: Inside a Notorious Malware-as-a-Service Operation
ESET’s deep dive into RedLine Stealer sheds light on the prolific RedLine malware, which has evolved into a full-scale Malware-as-a-Service (MaaS) operation. With its sophisticated backend and easily...
SpyNote Malware: Fake Antivirus Targets Android Users in Sophisticated New...
The latest report from Cyfirma details the resurgence of SpyNote, a highly advanced Android malware that poses as a fake antivirus app, specifically masquerading as “Avast Mobile Security for...
QSC Malware Framework: New Tool in CloudComputating Group’s Cyberespionage...
Kaspersky Labs has unveiled an advanced malware framework, QSC, reportedly deployed by the CloudComputating group (also known as BackdoorDiplomacy). This sophisticated tool is built with a modular,...
FakeBat Loader Reemerges: Malicious Google Ads Target Notion Users
After a months-long hiatus, the notorious FakeBat loader, also known as Eugenloader or PaykLoader, has returned, distributing malware through a malicious Google ad impersonating Notion, a popular...
Frag Ransomware: A New Threat Exploits Veeam Vulnerability (CVE-2024-40711)
Sophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newly observed ransomware, deployed by a...
Palo Alto Networks Investigates Potential Remote Code Execution Vulnerability...
Palo Alto Networks has issued an important informational bulletin regarding a potential remote code execution vulnerability in its PAN-OS management interface. While the specifics of the vulnerability...
Tor Network Thwarts IP Spoofing Attack
A coordinated attack targeting the Tor network has been neutralized thanks to the swift action of the Tor community and security researchers. In late October, the Tor Project faced a...
GuLoader Campaign Targets European Industrial Sector with Evolving Evasion...
Cado Security Labs has uncovered a targeted GuLoader malware campaign aimed at European industrial and engineering companies. This campaign leverages sophisticated evasion tactics to deliver Remote...
Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking
A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges. This issue arises...
SEO Poisoning: Unmasking the Malware Networks Behind Fake E-Commerce
In a joint study with Japanese authorities and universities, Trend Micro has exposed a web of SEO malware families orchestrating fake e-commerce scams targeting Japanese users. The study highlights...
Trojan Malware Delivered via ZIP Concatenation: A New Threat to Windows Users
Cybercriminals are always looking for new ways to bypass security defenses, and the latest tactic, as reported by Perception Point, involves using ZIP concatenation to deliver Trojan malware to...
Earth Estries’ Evolving Toolkit: A Deep Dive into Their Advanced Techniques
Trend Micro has uncovered details about a sophisticated cyberespionage campaign from Earth Estries, also known as Salt Typhoon. Active since 2020, Earth Estries primarily targets governments and...
XStream Security Advisory: Denial-of-Service Vulnerability (CVE-2024-47072)
A high-severity denial-of-service (DoS) vulnerability has been identified in XStream, a popular Java library used for object serialization. This vulnerability, tracked as CVE-2024-47072 with a CVSSv3...