Wish Stealer: New Malware Targets Discord, Browsers, and Cryptocurrency Wallets
CYFIRMA recently identified “Wish Stealer,” a new Node.js-based malware that targets Windows users by stealing sensitive information from Discord, web browsers, cryptocurrency wallets, and social media...
View ArticleGhostscript Update Patches Six Critical Vulnerabilities: Code Execution,...
Popular document rendering engine Ghostscript has released a critical security update addressing multiple vulnerabilities, some of which could lead to remote code execution. Ghostscript, a widely used...
View ArticleMozi Botnet Re-Emerges as Androxgh0st in New Wave of IoT Exploits
The notorious Mozi botnet, once believed to be largely defunct following law enforcement actions, has resurfaced in a powerful new avatar: Androxgh0st. CloudSEK’s recent report reveals that Androxgh0st...
View ArticleJavaScript Drive-By Attacks: New Exploits without 0-Day in Google Chrome
Security researcher Ron Masas from Imperva Threat Research has uncovered a new way attackers can target Chrome users without relying on 0-day vulnerabilities. This approach leverages the File System...
View ArticleDell Enterprise SONIC OS Patches Critical Security Vulnerabilities
Dell has released security updates for its Enterprise SONIC operating system to address multiple vulnerabilities, including critical ones that could allow attackers to compromise affected systems. The...
View ArticleVPNs and Clouds: New Tools in the APT Arsenal, ESET Warns
ESET’s latest APT Activity Report for April through September 2024 offers new insights into the evolving tactics, targets, and geographical reach of state-aligned Advanced Persistent Threat (APT)...
View ArticleCVE-2024-11068 (CVSS 9.8): Critical D-Link DSL-6740C Flaw, Immediate...
TWCERT/CC has issued multiple security advisories for the D-Link DSL-6740C modem, revealing a range of severe vulnerabilities that could expose users to remote attacks. The modem, which is no longer......
View ArticleBroadcom’s Game-Changing Move: VMware Fusion and Workstation Now Free for All...
In a surprise move, Broadcom has announced that VMware Fusion and Workstation, its popular desktop hypervisor products, are now completely free for all users. This significant shift, effective November...
View ArticleSAP Patches Multiple Vulnerabilities in November 2024 Security Patch Day
SAP has released eight new security notes and two updates to previously released notes in its November 2024 Security Patch Day, addressing critical vulnerabilities across various products. The security...
View ArticleCitrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk
Citrix has issued a security bulletin warning of two vulnerabilities affecting NetScaler ADC and NetScaler Gateway, products that provide application delivery and security services. The...
View ArticleCVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager...
Security researchers at watchTowr have uncovered two critical vulnerabilities in Citrix Session Recording Manager that, when chained together, allow unauthenticated remote code execution (RCE) on...
View ArticleCVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to...
Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE). The...
View ArticleNew PowerShell Threat: Infiltrating Networks with Advanced Techniques
In a recent discovery, Cyble Research and Intelligence Lab (CRIL) detailed a complex, multi-stage PowerShell campaign that employs several advanced techniques to infiltrate networks, maintain...
View ArticleDell SmartFabric OS10 Receives Important Security Updates
Dell Networking has released security updates for its SmartFabric OS10 operating system to address multiple vulnerabilities that could be exploited by malicious actors. The vulnerabilities affect...
View ArticleIranian “Dream Job” Campaign Targets Aerospace Industry with SnailResin Malware
ClearSky Cyber Security has recently uncovered a new Iranian campaign targeting the aerospace industry with a deceitful “dream job” scheme. This campaign, dubbed the Iranian “Dream Job” campaign,...
View ArticleMicrosoft Addresses Critical Zero-Day Vulnerabilities in November Patch Tuesday
Microsoft’s November 2024 Patch Tuesday addresses 92 vulnerabilities, including four critical and 83 deemed “important.” Notably, this release includes patches for four zero-day vulnerabilities...
View ArticleNew Critical Vulnerabilities in Kanboard Project Management Software: Admins...
Two severe vulnerabilities have been discovered in Kanboard, a project management software that adheres to the Kanban methodology. Both vulnerabilities, identified by Deutsche Telekom Security GmbH,...
View ArticleZoom Issues Security Update Addressing Vulnerabilities in Workplace and SDK Apps
Zoom Video Communications has issued a security bulletin addressing multiple vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients across various platforms. These flaws could allow...
View ArticleApache CloudStack Releases Security Update for KVM Infrastructure...
The Apache CloudStack project has issued an important security advisory alongside the release of Long-Term Support (LTS) updates, versions 4.18.2.5 and 4.19.1.3, addressing a critical vulnerability,...
View ArticleCVE-2024-10575 (CVSS 10): Critical Flaw in Schneider Electric’s EcoStruxure...
Schneider Electric has published a security notification about a critical vulnerability in its EcoStruxure™ IT Gateway platform, which connects IT infrastructure devices to the cloud for monitoring and...
View Article