Cyber Monday Scams: Unmasking the Shadows of Online Shopping
Cyber Monday, a day eagerly awaited by shoppers for its irresistible deals, has become a hunting ground for cybercriminals leveraging the surge in online activity to execute sophisticated scams....
View ArticleZero-Day Attack Alert: Corrupted Files Weaponized in New Attacks
A new 0-day attack leverages file corruption to slip past antivirus and sandbox defenses. A sophisticated new phishing campaign is leveraging a novel technique to bypass traditional security measures,...
View ArticleHorns&Hooves Campaign Leverages NetSupport and BurnsRAT for Widespread...
In a detailed report by Kaspersky Labs, the Horns&Hooves campaign emerges as a notable example of cybercriminal ingenuity, leveraging dual RAT payloads—NetSupport RAT and BurnsRAT—to compromise...
View ArticleNew Report Reveals SmokeLoader’s Advanced Tactics in Taiwan Campaign
A recent report by FortiGuard Labs has highlighted a targeted cyberattack involving the infamous SmokeLoader malware. This campaign, observed in September 2024, aimed at several industries in Taiwan,...
View ArticleRevC2 and Venom Loader Exploit MaaS in Advanced Campaigns
The latest findings from ThreatLabz reveal two novel malware families, RevC2 and Venom Loader, actively deployed in campaigns between August and October 2024. Leveraging the Malware-as-a-Service (MaaS)...
View ArticleFrom US to UAE: APT35 Expands Reach in Cyber Espionage
The ThreatBook Research and Response Team has revealed a sophisticated campaign by APT35, also known as Magic Hound or Charming Kitten, targeting the aerospace and semiconductor industries across...
View ArticleOpenAI Considers Ads for ChatGPT: Will Free Users Pay the Price?
OpenAI, the company behind the wildly popular AI chatbot ChatGPT, might be introducing advertisements to its free platform. This move comes as the company grapples with the astronomical costs of... The...
View ArticleCVE-2024-48651: ProFTPD Vulnerability Grants Root Access to Attackers
Popular FTP server ProFTPD has been found to contain a critical security flaw that could allow attackers to gain root access to vulnerable systems. The vulnerability, tracked as CVE-2024-48651 (CVSS......
View ArticleGoogle Chrome Enhances User Security with AI-Powered Website Reviews
Google Chrome is set to bolster online safety for users with the integration of a new AI-driven feature: “Store Reviews.” This functionality aims to provide users with a streamlined method... The post...
View ArticleKrbRelayEx: A Kerberos Relaying Tool for Penetration Testing
KrbRelayEx is an open-source tool designed for security professionals to assess the security of Active Directory environments. It leverages the power of Kerberos relaying, a technique that exploits the...
View ArticleZero-Day Exploit Code Released for Windows Task Scheduler Flaw...
A proof-of-concept (PoC) exploit code for CVE-2024-49039, a zero-day vulnerability in Windows Task Scheduler, has been publicly released, raising concerns about increased attacks. This vulnerability,...
View ArticleSurprise Exit: Gelsinger Retires from Intel After 40 Years
In a surprise move that sent ripples through the tech world, Intel Corporation announced today that CEO Pat Gelsinger has retired, effective December 1, 2024. This marks the end of... The post Surprise...
View ArticleCritical Vulnerabilities in mySCADA myPRO Software Pose Significant Risk to...
Researchers have disclosed critical vulnerabilities in mySCADA’s myPRO software, a widely deployed industrial automation platform. These security flaws could permit remote attackers to gain...
View ArticleCisco Confirms Active Exploitation of Decade-Old WebVPN Vulnerability in ASA...
Cisco Systems has issued an updated security advisory regarding CVE-2014-2120, a vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. Originally disclosed...
View ArticleProtect Your Network: Zyxel Issues Firmware Updates
Zyxel Networks has released firmware updates to address multiple vulnerabilities affecting a range of its networking products, including 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, fiber ONTs, and WiFi...
View ArticleGoogle Chrome Addresses High-Severity Flaw in V8 JavaScript Engine...
Google has released a security update for its Chrome web browser to mitigate a high-severity “type confusion” vulnerability (CVE-2024-12053) residing within the V8 JavaScript engine. This vulnerability...
View ArticleThreat Actors Exploiting Misconfigured Docker Remote API Servers with Gafgyt...
Trend Micro Research has revealed a significant evolution in the behavior of the Gafgyt malware (also known as Bashlite or Lizkebab), which is now targeting misconfigured Docker Remote API servers.......
View ArticleCISA Flags Three Actively Exploited Vulnerabilities in Critical Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding three critical security vulnerabilities actively exploited in the wild. These vulnerabilities, now included in...
View ArticlePoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability...
A newly discovered vulnerability in the TP-Link Archer AXE75 router, tracked as CVE-2024-53375, could allow remote attackers to execute arbitrary commands on vulnerable devices. This critical flaw,...
View ArticleCVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC
Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC). One...
View Article