Volt Typhoon APT Group Resurfaces: A Persistent Threat to Critical...
SecurityScorecard’s STRIKE Team uncovers the resurgence of Volt Typhoon, a state-sponsored advanced persistent threat (APT) actor leveraging compromised legacy devices to target critical...
APT41’s LightSpy Campaign Expands with Advanced DeepData Framework in...
The BlackBerry Research and Intelligence Team has uncovered a new chapter in the LightSpy espionage campaign, marking a significant evolution in APT41’s capabilities. The China-linked cyber-espionage...
Inside China’s Cyber Threat Ecosystem: New Report Exposes State Actors
In a recent report, the Sekoia TDR team, in collaboration with cybersecurity expert Coline Chavane, dives deep into the intricacies of China’s state-sponsored cyber operations in their latest report,...
macOS Security Compromised: Novel Exploit Bypasses Sandbox Protections
A newly discovered vulnerability in macOS could allow attackers to bypass critical security mechanisms and gain unauthorized access to sensitive files. This revelation comes from independent security...
TAG-112 Targets Tibetan Community via Waterholing Attack
In a recent report by the Insikt Group, cybersecurity analysts reveal how the China-nexus threat actor TAG-112 has launched a targeted cyber-espionage campaign against the Tibetan community by...
CISA Flags Critical Exploits in Palo Alto Networks’ Expedition with Public...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities in Palo Alto Networks Expedition that malicious actors are actively...
CVE-2024-10924 (CVSS 9.8): Authentication Bypass in Really Simple Security...
The Wordfence Threat Intelligence team identified a severe authentication bypass vulnerability (CVE-2024-10924) in the Really Simple Security plugin, including its Pro and Pro Multisite versions. This...
Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications...
A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building...
Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own
Synology, a leading provider of network-attached storage (NAS) solutions, has released urgent security updates to address multiple critical zero-day vulnerabilities discovered in its camera products....
Bitfinex Hacker Sentenced to 5 Years for Massive Bitcoin Heist and Laundering...
Ilya Lichtenstein, the mastermind behind the infamous 2016 Bitfinex hack, has been sentenced to five years in prison for his role in the theft of nearly 120,000 Bitcoin, valued at...
CVE-2024-11120 (CVSS 9.8): OS Command Injection Flaw in GeoVision Devices...
The Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) has issued a warning about an actively exploited critical vulnerability in certain end-of-life (EOL) GeoVision devices....
Palo Alto Networks Raises Alarm on Firewall Vulnerability Following Active...
Today, Palo Alto Networks, a leading cybersecurity firm, has issued an urgent update to a recent security advisory, raising the severity level to “Critical” after observing active exploitation of a...
PHP Reinfector Malware Wreaks Havoc on WordPress Sites
In an in-depth investigation, Puja Srivastava, a security analyst at Sucuri, recently uncovered a sophisticated PHP reinfector and backdoor malware targeting WordPress websites, capable of reinfecting...
CVE-2024-49369 (CVSS 9.8): Critical Flaw in Icinga 2 Allows for Impersonation...
Icinga releases urgent security updates to address a critical TLS certificate validation bypass vulnerability affecting all versions since 2.4.0. A critical vulnerability (CVE-2024-49369) has been...
New Melofee Backdoor Variant Targets Linux Systems with Advanced Stealth Tactics
Cybersecurity researchers from XLabs have identified a sophisticated new variant of the Melofee backdoor, a C++ malware targeting Red Hat Enterprise Linux (RHEL) 7.9 systems. Initially exposed by...
Cyber Espionage Campaign: North Korean Actors Deploy BeaverTail and...
The eSentire Threat Response Unit (TRU) recently uncovered a sophisticated attack involving the BeaverTail and InvisibleFerret malware strains. These tools, linked to North Korean threat actors,...
Zero-Day Vulnerability in FortiClient Exploited by BrazenBamboo APT
Cybersecurity firm Volexity has uncovered a zero-day vulnerability in Fortinet’s Windows VPN client, FortiClient, being exploited by the BrazenBamboo Advanced Persistent Threat (APT) group. This...
CVE-2024-45784: Apache Airflow Vulnerability Exposes Sensitive Data in Logs
A vulnerability in the popular workflow management platform Apache Airflow could inadvertently expose sensitive configuration data, potentially compromising system security. The flaw, tracked as...
Two-Step Phishing Technique Leveraging Microsoft Visio Files Exposed by...
Perception Point’s latest findings have uncovered an advanced two-step phishing technique exploiting Microsoft Visio files (.vsdx) and SharePoint to launch highly deceptive credential theft campaigns....
CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to...
A high-severity vulnerability in WP Time Capsule, a popular WordPress backup plugin, has left over 20,000 websites vulnerable to complete takeover. Discovered by security researcher Rein Daelman, the...