Veeam Backup & Replication Vulnerabilities Exposed: High-Severity Flaws Put...
Veeam Software, a prominent provider of backup, recovery, and data management solutions, has released a security update to address multiple vulnerabilities in its Veeam Backup & Replication...
View ArticleFake DocuSign Emails: Don’t Get Hooked by Phishing Scams
Cybersecurity researchers from Cado Security Labs have uncovered a troubling trend of phishing attacks targeting DocuSign users. These campaigns exploit the trust and convenience associated with...
View ArticleBlack Basta Resurgence: Social Engineering Campaign Delivers Zbot, DarkGate,...
The notorious Black Basta ransomware group is back, employing sophisticated social engineering tactics and deploying advanced malware payloads in their latest campaign. According to a detailed analysis...
View ArticleDroidBot: A New Android Threat Exposes Global Financial Institutions
A recent investigation by the Cleafy Threat Intelligence and Response (TIR) team has uncovered DroidBot, a sophisticated Android Remote Access Trojan (RAT) linked to a new Turkish Malware-as-a-Service...
View ArticleCVE-2024-53990 (CVSS 9.2): AsyncHttpClient Vulnerability Puts Java...
A critical severity vulnerability (CVE-2024-53990) has been discovered in the AsyncHttpClient (AHC) library, a popular Java library used for making asynchronous HTTP requests. This vulnerability, with...
View ArticleRussian Hacker Secret Blizzard Hijack C2 Infrastructure in New Espionage...
Lumen’s Black Lotus Labs has uncovered an elaborate campaign by the Russian threat actor Secret Blizzard (also known as Turla). This operation demonstrates their signature tradecraft of hijacking other...
View ArticleMultiple Vulnerabilities in SonicWall SMA 100 Could Lead to Remote Code...
SonicWall has issued a security advisory regarding several vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from path traversal issues inherited from Apache HTTP Server...
View ArticleiVerify Unveils Disturbing Prevalence of Pegasus Spyware on Mobile Devices
In an investigation, iVerify has revealed the pervasive presence of the notorious Pegasus spyware in mobile devices, uncovering seven infections in a sample of 2,500 user-scanned devices. This...
View ArticleCVE-2024-43222 (CVSS 9.8): Critical Flaw in Sweet Date WordPress Theme...
A critical vulnerability (CVE-2024-43222) has been identified in the Sweet Date WordPress theme, a popular premium theme with nearly 10,000 sales. This vulnerability carries a CVSS score of 9.8,...
View ArticlePhishing, Fraud, and Stolen Data: Europol Takes Down Cybercrime Network
Europol has announced the successful dismantling of a sophisticated network responsible for facilitating large-scale online fraud. This operation, led by German authorities with support from law...
View ArticleBrowser Isolation Bypassed: QR Codes Used in Novel C2 Attacks
Browser isolation technology, often lauded as a cornerstone of modern cybersecurity, is not impervious to creative exploitation. A recent report from Thibault Van Geluwe de Berlaere at Mandiant unveils...
View ArticleDjango Releases Patches for CVE-2024-53907 and CVE-2024-53908 to Mitigate DoS...
The Django team has recently announced the release of Django 5.1.4, Django 5.0.10, and Django 4.2.17 to address two security vulnerabilities. All users are strongly encouraged to upgrade their...
View ArticleCritical Zero-Day Vulnerability in Windows Exposes User Credentials
A newly discovered zero-day vulnerability affecting all supported and legacy versions of Microsoft Windows allows attackers to capture user NTLM credentials through the simple act of file viewing...
View ArticleKroah-Hartman Confirms: Linux Kernel 6.12 is Now LTS
Linux kernel version 6.12, released on November 17, 2024, has been officially designated as a Long-Term Support (LTS) release. Maintained by renowned kernel developer Greg Kroah-Hartman, this version...
View ArticleUnpatched Zero-Day Vulnerability in Mitel MiCollab Exposes Businesses to...
A newly disclosed zero-day vulnerability in the Mitel MiCollab collaboration platform has raised serious concerns regarding the security of sensitive business data. Discovered by security researchers...
View ArticleSophisticated Campaign Targets Manufacturing Industry with Lumma Stealer and...
Cyble Research and Intelligence Labs (CRIL) has uncovered a multi-stage cyberattack campaign targeting the manufacturing industry. Leveraging advanced techniques and a combination of Lumma Stealer and...
View ArticleUS Organization in China Falls Victim to Suspected Chinese Espionage Campaign
A recent report from the Symantec Threat Hunter Team reveals a troubling cyberespionage operation targeting a large US organization operating in China. The attack, suspected to be the work of... The...
View ArticleEarth Minotaur: MOONSHINE Exploit Kit and DarkNimbus Backdoor Threaten...
A sophisticated cyber campaign orchestrated by the threat actor Earth Minotaur has been uncovered by Trend Micro researchers, exposing their reliance on the MOONSHINE exploit kit and a previously...
View ArticleFSB-Tampered Device Returned with Monokle-Type Spyware, Experts Reveal
A joint investigation by the First Department and cybersecurity researchers has exposed the covert implantation of spyware resembling the Monokle family on a confiscated device returned to a Russian...
View ArticleBlueAlpha Exploits Cloudflare Tunnels for GammaDrop Malware Infrastructure
The Insikt Group has uncovered a sophisticated cyber-espionage operation conducted by BlueAlpha, a state-sponsored threat actor with links to the Russian Federal Security Service (FSB). The campaign...
View Article