UNC1151 Escalates Cyber Warfare: Attacks Target Ukrainian Defense Infrastructure
Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated cyber campaign linked to the threat actor group UNC1151, known for its ties to the Belarusian government and its involvement in...
View ArticleCVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC...
Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular...
View ArticleApache Wicket Addresses Critical RCE Vulnerability (CVE-2024-36522)
The Apache Wicket Project Management Committee (PMC) has released security updates for their widely-used Java web application framework, addressing a critical remote code execution vulnerability...
View ArticleProof-of-Concept Code Released for Linux Kernel Exploit
An independent security researcher published the technical details and a proof-of-concept (PoC) code for a vulnerability, identified as CVE-2023-3390, which has been discovered in the Linux kernel,...
View ArticleTikTok Hit by Zero-Day Attack: High-Profile Accounts Compromised
In a recent wave of cyberattacks, TikTok has confirmed a zero-day vulnerability within its direct messaging system has been exploited, leading to the compromise of several high-profile accounts,...
View ArticleParrot OS 6.1: The Ultimate Update for Security Experts
Parrot Security, the renowned Debian-based Linux distribution tailored for security experts and privacy-conscious users, has released its latest iteration, Parrot OS 6.1. This update brings a slew of...
View ArticleTargetCompany Ransomware Evolves: New Linux Variant Targets ESXi Environments
Trend Micro’s threat-hunting team has uncovered a new Linux variant of the TargetCompany ransomware, marking a significant escalation in the group’s tactics. Known for primarily targeting Windows...
View ArticleKali Linux 2024.2 Released: An Upgrade for the Penetration Tester’s Arsenal
Kali Linux, the renowned open-source, Debian-based Linux distribution, has officially released its latest version, Kali Linux 2024.2 This highly anticipated update, though slightly delayed, packs a...
View ArticleCVE-2024-4295: Critical Vulnerability in Popular WordPress Plugin Exposes...
A critical security flaw has been uncovered in the popular WordPress plugin, Email Subscribers by Icegram Express. This vulnerability, designated as CVE-2024-4295, carries a severity rating of 9.8...
View ArticleBeware of “How to Fix” Button: New Phishing Emails Trick Users into Executing...
AhnLab SEcurity Intelligence Center (ASEC) has recently identified a phishing campaign leveraging HTML files distributed via email to execute malicious commands on targeted systems. This sophisticated...
View ArticleSecshow’s Massive DNS Probing Operation Exposed
A massive DNS probing operation, dubbed “Secshow,” has been underway since June 2023, targeting open DNS resolvers worldwide. Researchers at Infoblox Threat Intel and Dave Mitchell discovered that this...
View ArticleCybercriminal on Cybercriminal Crime: Ransomware Hijacks CoinMiner
In an unexpected twist of cybercrime, security researchers at AhnLab Security Intelligence Center (ASEC) have revealed a bizarre case of one criminal gang inadvertently aiding another. A CoinMiner, a...
View Articlelibaom Video Codec Library Exposed: Critical CVE-2024-5171 Vulnerability with...
A critical vulnerability, identified as CVE-2024-5171, has been discovered in libaom, a popular open-source video codec library. This vulnerability, with a CVSS score of 10 (the highest severity...
View ArticleCommando Cat Cryptojacking Campaign Unleashed: Docker Users Under Threat
Cybersecurity researchers at Trend Micro have uncovered a novel cryptojacking campaign dubbed “Commando Cat,” actively targeting Docker Remote API servers. This sophisticated attack exploits exposed...
View ArticleZerologon Vulnerability Strikes Again: RansomHub Exploits Legacy Flaw
A new ransomware threat, dubbed RansomHub, has rapidly ascended to become one of the most prolific ransomware groups currently active. Symantec’s Threat Hunter team has uncovered a strong link between...
View ArticlexFileSyncerx: Malicious Package with Wiper Components Discovered on PyPI
In a recent investigation, ReversingLabs researchers uncovered a malicious open-source package on the Python Package Index (PyPI) called xFileSyncerx, which contained dangerous “wiper” components. With...
View ArticleBeware of Fake Advanced IP Scanner: Malicious Installer Delivers CobaltStrike...
Trustwave SpiderLabs has uncovered a dangerous cyberattack campaign targeting users of the popular network scanning tool, Advanced IP Scanner. Threat actors are distributing a compromised version of...
View ArticleThinkPHP Vulnerabilities Under Active Exploit: Researchers Warn
Akamai researchers have identified a concerning resurgence of attacks targeting known vulnerabilities in the ThinkPHP web application framework. These vulnerabilities, CVE-2018-20062 and CVE-2019-9082,...
View ArticleCVE-2024-20404/20405: Cisco Finesse Vulnerabilities Open Door to Attacks
Cisco has issued a security advisory, warning users of multiple vulnerabilities in the web-based management interface of Cisco Finesse, a contact center solution widely used by enterprises. The...
View ArticleMuhstik Malware Exploits Apache RocketMQ Flaw: Thousands at Risk
Cybersecurity researchers at Aqua Nautilus have uncovered a concerning campaign where the Muhstik malware is actively targeting Apache RocketMQ installations. This new wave of attacks leverages a known...
View Article