Zero-Day in Active Directory Certificate Services: Researcher Exposes...
Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS). This flaw exploits a feature of version 1...
View ArticleCVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited
CERT Germany (CERT-Bund) and Zyxel have warned of actively exploiting a critical vulnerability in Zyxel firewalls. This vulnerability tracked as CVE-2024-11667, is being leveraged to deploy Helldown...
View ArticleShadowHound: Enhancing Active Directory Reconnaissance with a Stealthy and...
Abstract In the realm of offensive security assessments, the need for discreet and effective Active Directory (AD) reconnaissance is paramount. Traditional methods often rely on introducing external...
View ArticleMalicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed
Cybersecurity researchers at ReversingLabs have uncovered a stealthy supply chain attack targeting cryptocurrency wallets via the PyPI repository. The malicious package, named aiocpa, posed as a...
View ArticleCVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows...
The Apache Software Foundation has addressed a critical security vulnerability (CVE-2024-52338) in the Apache Arrow R package. This vulnerability, impacting versions 4.0.0 through 16.1.0, could allow...
View ArticleOver-the-Air Vulnerabilities in Advantech EKI Access Points Put Industrial...
Industrial environments are increasingly relying on wireless technologies to power critical operations. However, a recent report from Nozomi Networks Labs reveals that this technological shift is...
View ArticleCVE-2024-8672 (CVSS 9.9): Critical Flaw in Widget Options Plugin Threatens...
A critical security vulnerability (CVE-2024-8672) in the popular “Widget Options” plugin, which boasts over 100,000 active installations, has been patched in the latest release (version 4.0.8). This...
View ArticleCVE-2024-11980 (CVSS 10): Critical Flaw in Billion Electric Routers
TWCERT/CC disclosed multiple vulnerabilities affecting several Billion Electric router models, including the M100, M150, M120N, and M500. These vulnerabilities range in severity, with the most critical...
View ArticleCVE-2024-52336 & CVE-2024-52337: Vulnerabilities in Linux Tuned Daemon
The SUSE Security Team has uncovered two vulnerabilities in the Linux Tuned daemon, a critical tool for runtime hardware and kernel optimization. These vulnerabilities, tracked as CVE-2024-52336 (CVSS...
View ArticleWindows Tool Weaponized: Wevtutil.exe Exploited in Novel Attack
Security researchers have exposed a new aspect in the Living Off the Land Binaries and Scripts (LOLBAS) arsenal: the little-known potential of Windows’ wevtutil.exe for stealthy, malicious operations....
View ArticleTrellix Enterprise Security Manager Patches Critical Flaws, Including...
Trellix has released an update to its Enterprise Security Manager (ESM) addressing two critical vulnerabilities that could allow unauthorized access and remote code execution. These vulnerabilities,...
View ArticleOperation “Code on Toast”: A Deep Dive into TA-RedAnt’s Exploitation of...
North Korean-linked hacking group TA-RedAnt has been implicated in a sophisticated large-scale cyber attack dubbed “Operation Code on Toast,” targeting unsuspecting users through a novel Internet...
View ArticleHackers vs. LED Indicators: Why Tape Remains the Ultimate Camera Shield
A few years ago, a viral photo of Mark Zuckerberg’s laptop revealed a simple yet effective security measure: tape covering the webcam. It was a moment that ignited global conversations... The post...
View ArticleSecurity Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability...
Security researchers from Binarly and ESET have uncovered “Bootkitty,” the first-ever UEFI bootkit designed to target Linux systems. This new threat exploits the LogoFAIL vulnerability...
View ArticleCritical Vulnerabilities Discovered in IBM Security Verify Access Appliance
Security researchers have disclosed multiple critical vulnerabilities affecting IBM Security Verify Access Appliance, a widely deployed solution for web application access management and...
View ArticleWindows Server 2012 Users Beware: 0day Vulnerability Bypasses Mark of the Web...
ACROS Security, the creators of 0patch micropatching technology, have uncovered a zero-day vulnerability affecting Windows Server 2012 and Server 2012 R2. This vulnerability allows malicious actors to...
View ArticleMediaTek Patches High-Severity Vulnerability in Smartphone Chipsets...
MediaTek has released its latest Product Security Bulletin, addressing a high-severity vulnerability that could lead to unauthorized access and control of user devices. The vulnerability, identified as...
View ArticleMicrosoft Clarifies Windows 11 Installation on Unsupported Devices: Proceed...
Microsoft has updated its support documentation regarding Windows 11 installation on devices that don’t meet the minimum system requirements. While the company still advises against this practice, the...
View ArticleWindows 10 ESU Cracked: Free Security Updates on the Horizon?
The MAS team, led by developer @Massgravel, has reportedly bypassed the paid Extended Security Updates (ESU) program for Windows 10, potentially allowing users to receive security updates for free...
View ArticleBologna FC Suffers Major Data Breach in Ransomware Attack
Serie A club falls victim to RansomHub, exposing sensitive player, financial, and operational data. Bologna FC 1909 S.p.a. has officially confirmed a targeted ransomware attack on its internal security...
View Article