Researcher Finds Trojanized Apps with 2 Million Downloads on Google Play
In a new report, Dr.Web’s research team has uncovered a dangerous wave of malicious apps on Google Play, revealing that over 2 million users have unwittingly downloaded trojanized applications,...
Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by...
Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client...
CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, highlighting five security flaws currently being exploited in the wild....
Chrome 131 Rolls Out with Security Fixes and Performance Enhancements
Google has released Chrome version 131, addressing a range of security vulnerabilities, including one classified as “high severity.” The new version, 131.0.6778.69 for Linux and 131.0.6778.69/.70 for...
Google Cloud Enhances Transparency with Expanded CVE Reporting
Google Cloud today announced a significant step towards increased transparency in vulnerability disclosure. Effective immediately, the company will issue Common Vulnerabilities and Exposures (CVEs) for...
CVE-2024-10914: Critical Flaw in D-Link NAS Devices Actively Exploited, No...
A critical command injection vulnerability (CVE-2024-10914) impacting numerous end-of-life D-Link network-attached storage (NAS) devices is currently under active exploitation. This vulnerability,...
ModeLeak Flaw: Researcher Uncovers Privilege Escalation & Model Exfiltration...
In a recent report, Palo Alto Networks researchers disclosed two critical vulnerabilities within Google’s Vertex AI platform that could expose organizations to serious security risks. Known as...
North Korean APT Group Targets macOS with Flutter-based Malware in...
Researchers from Jamf Threat Labs have discovered multiple macOS malware samples embedded within applications developed using the Flutter framework, potentially linked to North Korean Advanced Persistent...
CVE-2024-9693: GitLab Issues Critical Patch for Kubernetes Agent
GitLab has released a critical security update addressing a high-severity vulnerability that could grant unauthorized access to Kubernetes clusters. Versions 17.5.2, 17.4.4, and 17.3.7 of both the...
Trusted Name Weaponized: Sliver and Ligolo-ng Attack Leverages Y Combinator...
Security researchers from Threat Hunting Platform Hunt.io have uncovered a recent operation leveraging the Sliver command-and-control (C2) framework and Ligolo-ng tunneling tool. The operation aimed at...
WIRTE: Hamas-Linked Cyber Espionage Group Now Wielding SameCoin Wiper Malware
Check Point Research recently exposed ongoing activity from WIRTE, a Hamas-affiliated cyber-espionage group, that continues despite the intensifying conflict in the Middle East. Historically focused on...
2023’s Most Exploited Vulnerabilities: A Global Cybersecurity Advisory
In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of...
Strela Stealer Surge: Hive0145 Targets European Email Credentials
IBM’s X-Force team has identified a major surge in the distribution of Strela Stealer, a credential-stealing malware linked to the cybercriminal group Hive0145. The malware primarily targets email...
RustyAttr Trojan: Lazarus Group’s New macOS Malware Evades Antivirus with Ease
Researchers at Group-IB have discovered a new stealth technique employed by the North Korean APT group Lazarus, targeting macOS systems through a unique code-smuggling method. Known for its...
Right-Click to Hack: Zero-Day CVE-2024-43451 Vulnerability Targets Windows Users
ClearSky Cyber Security has uncovered a new zero-day vulnerability, CVE-2024-43451, actively exploited in the wild, targeting Windows systems primarily in Ukraine. This flaw enables attackers to...
Emmenhtal Loader’s Stealthy Tactics for Delivering Lumma and Other Malware
Threats are evolving fast, with attackers constantly refining their techniques to slip past defenses. One of these potential threats is Emmenhtal, a malware loader that employs LOLBAS (Living Off...
Google Boosts Real-Time Protection Against Scams and Malware on Android Devices
Pixel users are the first to benefit from new AI-powered security features in Phone by Google and Google Play Protect. Google has announced a suite of new real-time security features...
CVE-2024-10571 (CVSS 9.8): Critical Flaw in WordPress Chart Plugin Under...
Administrator websites are facing a new threat as attackers actively exploit a critical vulnerability in the popular Chartify – WordPress Chart Plugin. This plugin, with over 2,000 active...
Bitdefender Releases Decryptor for ShrinkLocker Ransomware
In a world where ransomware has evolved to use complex encryption algorithms, ShrinkLocker—a newly discovered ransomware variant—takes a retro approach. Martin Zugec, a security researcher at...
LodaRAT Strikes Again: New Campaign Targets Global Victims with Updated...
Researchers at Rapid7 have uncovered a fresh campaign using LodaRAT, a well-known remote access tool (RAT) that has been active since 2016. Initially developed for information gathering, LodaRAT has...