CVE-2024-12254: CPython Flaw Could Lead to Memory Exhaustion in asyncio...
A high-severity vulnerability (CVE-2024-12254) has been discovered in CPython, the reference implementation of the Python programming language. This vulnerability, with a CVSSv4 score of 8.7, affects...
Radiant Capital Incident: $50M Cyber Heist Linked to North Korean Threat Actors
A new report from Radiant Capital provides a detailed analysis of the sophisticated cyberattack that led to the theft of approximately $50 million USD on October 16, 2024. The findings,...
Meta’s Q3 2024 Adversarial Threat Report: Global Disinformation Networks...
Meta has released its Third Quarter Adversarial Threat Report for 2024, detailing the disruption of five covert influence operations across the globe, including networks originating in India, Iran,...
FCC Takes Action to Strengthen Cybersecurity in Response to Salt Typhoon...
The Federal Communications Commission (FCC) is taking decisive action to bolster the cybersecurity of U.S. telecommunications networks in the wake of the Salt Typhoon cyberattack, a sophisticated...
CVE-2024-11205: WPForms Plugin Vulnerability Impacts 6 Million WordPress Sites
A critical vulnerability (CVE-2024-11205) discovered in WPForms, a prevalent WordPress form builder plugin with over 6 million active installations, exposed websites to significant financial risk. The...
Bulletproof Hosting: The Dark Infrastructure Behind Global Cybercrime
A recent report by the Knownsec 404 team highlights the pivotal role of bulletproof hosting services in facilitating global cybercriminal activities. These specialized hosting providers, often referred...
International Operation Dismantles Phone Phishing Ring Targeting Vulnerable...
A sophisticated phone phishing operation targeting vulnerable individuals, primarily the elderly, has been dismantled in a joint operation conducted by Belgian and Dutch law enforcement agencies, with...
Let’s Encrypt to Deprecate OCSP in Favor of CRLs, Enhancing User Privacy
Let’s Encrypt, a leading certificate authority renowned for its commitment to a secure and privacy-respecting internet, has formally announced the deprecation of the Online Certificate Status Protocol...
CVE-2024-54143: Critical Vulnerability in OpenWrt’s Attended SysUpgrade...
OpenWrt, a popular open-source operating system for embedded devices, has disclosed a critical vulnerability (CVE-2024-54143) that could allow attackers to compromise the integrity of firmware updates...
CVE-2024-50623: Critical Vulnerability in Cleo Software Actively Exploited in...
Huntress Labs has raised the alarm over the active exploitation of a critical vulnerability (CVE-2024-50623) in Cleo’s Harmony, VLTrader, and LexiCom software, commonly used for managing file...
CVE-2024-47578 (CVSS 9.1): SAP Issues Critical Patch for NetWeaver AS for JAVA
SAP’s latest Security Patch Day, released today, detailed 10 new Security Notes alongside updates to three previously released notes. Among the newly disclosed vulnerabilities, multiple critical and...
MoqHao Malware Targets Apple IDs and Android Devices Using iCloud and VK...
A new campaign by the Roaming Mantis-affiliated MoqHao malware family, also known as Wroba and XLoader, has been uncovered by Threat Hunting Platform – Hunt.io. The campaign exploits trusted...
Patchwork APT Targets Chinese Scientific Research in Renewed Campaign
A new wave of cyberattacks targeting Chinese scientific organizations has been identified by cybersecurity researchers at Hunting Shadow Lab. The campaign, attributed to the Patchwork APT group (also...
Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 &...
Google has announced its Chrome browser’s latest stable channel update, addressing several security vulnerabilities, including two classified as “High” severity. The update, rolling out progressively...
Microsoft Addresses Critical Zero-Day CVE-2024-49138 & 72 Additional Flaws in...
Microsoft has released its December 2024 Patch Tuesday security update, addressing a total of 73 vulnerabilities across its product portfolio. This comprehensive update includes fixes for 16 critical...
Artivion Discloses Cybersecurity Incident, Impacts Operations and Financial...
Artivion, Inc., a global leader in the development and manufacturing of cardiovascular surgical devices, announced a cybersecurity incident that has disrupted its operations and compromised sensitive...
Schneider Electric Warns of Critical Flaw in Modicon Controllers –...
Schneider Electric has issued a security notification warning of a critical vulnerability affecting its Modicon M241, M251, M258, and LMC058 Programmable Logic Controllers (PLCs). The vulnerability,...
Apache Superset Patches Multi Security Flaws in Latest Release
The Apache Software Foundation has announced the release of Apache Superset 4.1.0, an important update that addresses three significant security vulnerabilities affecting the widely used open-source...
No Warning, No Data: Hetzner Terminates Kiwix Account Abruptly
A recent incident involving Hetzner, a well-known European cloud hosting provider, and Kiwix, a non-profit organization dedicated to offline access to Wikipedia, has brought to light critical...
Exploiting CDN Integrations: A WAF Bypass Threatening Global Web Applications
In a recently disclosed analysis, Zafran’s research team has unveiled a pervasive misconfiguration vulnerability affecting some of the world’s largest web application firewall (WAF) vendors, including...