Glove Stealer Malware Bypasses Chrome Encryption, Steals Sensitive Data
In a recent analysis by Jan Rubín, Senior Malware Researcher at Gen Digital, a new malware known as Glove Stealer has been identified as a potent information stealer targeting a...
Apache Traffic Server Patches Critical Vulnerabilities in Latest Release
The Apache Software Foundation has released a security update for Apache Traffic Server, addressing three critical vulnerabilities that could leave users susceptible to a range of cyberattacks. The...
PXA Stealer: New Malware Targets Governments and Education Across Europe and...
Cisco Talos recently identified a sophisticated cyber campaign targeting sensitive information in government and educational sectors across Europe and Asia. Operated by a Vietnamese-speaking threat...
CVE-2024-10217 & CVE-2024-10218: TIBCO Hawk Faces Critical Security Risks
TIBCO, a prominent provider of enterprise integration and management software, has issued urgent security advisories addressing two critical vulnerabilities affecting its Operational Intelligence Hawk...
PostgreSQL Releases Security Update Addressing Multiple Vulnerabilities
The PostgreSQL Global Development Group has issued an important update addressing four security vulnerabilities across all supported versions of the popular open-source database system. This includes...
Chinese Threat Actor SilkSpecter Exploits Black Friday Frenzy with...
In a detailed report released by the EclecticIQ Threat Research Team, cybersecurity analysts have uncovered a well-coordinated phishing campaign targeting e-commerce shoppers in the United States and...
SafePay Ransomware: A New Threat with Sophisticated Techniques
In October 2024, Huntress analysts uncovered a previously unreported ransomware strain, dubbed SafePay, deployed across two distinct incidents. This ransomware has unique characteristics, including the...
Sonatype Nexus Repository 2 Hit By RCE (CVE-2024-5082) and XSS...
Sonatype has issued two security advisories for its Nexus Repository Manager 2.x, a popular repository manager used by organizations worldwide to store and distribute software artifacts, warning users...
WezRat: The Modular Infostealer Weaponized by Iranian Cyber Group Emennet...
In a comprehensive analysis released by Check Point Research (CPR), the WezRat infostealer has been identified as a sophisticated tool in the arsenal of the Iranian cyber group Emennet Pasargad,... The...
PoC Exploit Releases for Zero-Day CVE-2024-47575 Flaw in Fortinet FortiManager
Security researcher Sina Kheirkhah from watchTowr recently published technical details and a proof-of-concept (PoC) exploit for a critical zero-day vulnerability, dubbed “FortiJump” (CVE-2024-47575)....
Introducing Shadow Dumper: A Powerful Tool for LSASS Memory Extraction
In the world of cybersecurity, penetration testers and red teams need sophisticated tools to assess and improve an organization’s security posture. One such tool gaining traction is Shadow Dumper,...
Critical Vulnerabilities in Citrix Virtual Apps and Desktops Actively Exploited
Two vulnerabilities in Citrix’s “Virtual Apps and Desktops” remote access solution, CVE-2024-8068 and CVE-2024-8069, are actively being exploited in the wild, according to a report from Johannes B....
“Water Barghest” Botnet Hijacks 20,000 IoT Devices for Profit
Trend Micro researchers have unveiled the operations of a sophisticated botnet, dubbed “Water Barghest.” By October 2024, this threat actor had compromised over 20,000 IoT devices, leveraging them to...
CVE-2024-0012 and CVE-2024-9474: Actively Exploited Vulnerabilities Impact...
Palo Alto Networks has issued critical advisories regarding two actively exploited vulnerabilities in their PAN-OS software, posing significant risks to organizations relying on the platform for...
DNS Predators Exploit “Sitting Ducks” Attack to Hijack Domains and Expand...
A recent report from Infoblox Threat Intel sheds light on an underreported yet pervasive cyber threat: the “Sitting Ducks” attack, a domain hijacking technique that has enabled cybercriminals to...
Critical Vulnerabilities Found in Baxter Life2000 Ventilation System
The Baxter Life2000 Ventilation System, a key healthcare device used in critical infrastructure sectors, has been found to contain multiple severe vulnerabilities. These issues, detailed in a recent...
CVE-2024-31141: Apache Kafka Vulnerability Exposes User Data to Potential...
A newly discovered vulnerability in Apache Kafka, the popular open-source event streaming platform, could allow attackers to gain unauthorized access to sensitive information. The vulnerability,...
BabbleLoader: The Polyglot Malware Evading Both Traditional and AI Defenses
In a recent analysis, security researcher Ryan Robinson from Intezer has detailed the highly sophisticated malware loader, BabbleLoader. This advanced tool deploys an arsenal of evasion techniques...
Trio of Apache Tomcat Flaws Disclosed: Authentication Bypass, HTTP/2 Request...
The Apache Software Foundation has recently disclosed three new vulnerabilities affecting Apache Tomcat, a widely-used open-source web server and servlet container. These vulnerabilities, ranging from...
North Korean Hackers Target Job Seekers with Malware-Laced Video Apps
A recent report by Unit 42 researchers uncovers a complex phishing campaign linked to a cluster of North Korean IT workers tracked as CL-STA-0237. This group used malware-infected video conference...