Beware of Fake Google Chrome Update Pop-Ups: Malicious Campaign Targets...
A new cyberattack campaign is underway, targeting hundreds of websites with deceptive pop-up messages urging users to update their Google Chrome browsers. This scheme, identified by security analyst...
View ArticleChinese State-Sponsored Hackers Target Southeast Asian Government in...
Sophos researchers have uncovered a sophisticated and long-running cyberespionage campaign, dubbed Operation Crimson Palace, targeting a high-profile government organization in Southeast Asia. This...
View ArticleCVE-2024-4577: Critical PHP Vulnerability Exposes Millions of Servers to RCE
Cybersecurity firm DEVCORE has discovered a critical remote code execution vulnerability in the PHP programming language, a cornerstone of the web ecosystem. The vulnerability, tracked as...
View ArticleResearchers Detail Critical PHP Flaw CVE-2024-4577 with PoC Exploit Code
Cybersecurity researchers at watchTowr published the technical details and a proof-of-concept exploit code for a recently disclosed critical vulnerability (CVE-2024-4577) in PHP, the popular...
View ArticleCVE-2024-4610 – Arm Mali GPU Zero-Day Under Active Exploit: Millions of...
In a warning issued today, chip design giant Arm has disclosed a critical zero-day vulnerability (CVE-2024-4610) actively being exploited in the wild. The flaw affects the widely used Mali GPU drivers,...
View ArticleBeware of Fake KMSPico Activators: A Gateway for Vidar Stealer Malware
A recent investigation by eSentire’s Threat Response Unit (TRU) has unveiled a sophisticated attack campaign utilizing counterfeit KMSPico activators to deliver the notorious Vidar Stealer malware....
View ArticleCVE-2024-5480 (CVSS 10): Critical RCE Vulnerability in PyTorch Distributed...
A critical vulnerability (CVE-2024-5480) has been discovered in PyTorch’s distributed RPC (Remote Procedure Call) framework, exposing machine learning models and sensitive data to potential remote code...
View ArticleeSentire Exposes Ongoing More_eggs Malware Campaign Targeting Job Seekers
eSentire’s Threat Response Unit (TRU) has unveiled a persistent and sophisticated cyber campaign employing the notorious more_eggs malware, primarily targeting recruiters in the industrial services...
View ArticleCVE-2024-4177: SSRF Vulnerability Patched in Bitdefender GravityZone Console...
Bitdefender, a leading cybersecurity provider, has addressed a critical vulnerability (CVE-2024-4177, CVSS 8.1) in its GravityZone Console On-Premise product. The flaw, discovered by security...
View ArticleNew Agent Tesla Campaign Targets Spanish-Speaking Users
FortiGuard Labs has recently identified a new phishing campaign deploying a variant of the notorious Agent Tesla malware, specifically targeting Spanish-speaking users. Agent Tesla, a well-known Remote...
View ArticleCVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server, PoC...
A critical vulnerability, identified as CVE-2024-23692, has been discovered in Rejetto HTTP File Server (HFS) versions 2.x, posing a significant risk to organizations and individuals utilizing this...
View ArticleEvolving Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
In a recent investigation by cybersecurity researchers Avigayil Mechtinger, Shay Berkovich, and Gili Tikochinski at Wiz Research, a new variant of an ongoing cryptojacking campaign targeting...
View ArticleMultiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No...
Redfox Security has uncovered a series of critical vulnerabilities in the popular Netgear WNR614 N300 router, exposing users to significant security risks. The vulnerabilities, ranging from...
View ArticleSticky Werewolf Targets Aviation Sector in Latest Malicious Campaign
Morphisec Labs has identified a surge in cyber activity associated with the Sticky Werewolf group, a threat actor with suspected geopolitical or hacktivist ties. This elusive group, first detected in...
View ArticlePoc Exploit Releases for Microsoft SharePoint Information Disclosure Flaw...
A security researcher has published a proof-of-concept (PoC) exploit code targeting a recent important severity vulnerability (CVE-2024-30043) in Microsoft SharePoint Server. Rated with a CVSS score of...
View ArticleVeeam Users Beware: PoC Exploit for Critical CVE-2024-29849 Flaw Released
A newly released proof-of-concept (PoC) exploit has heightened concerns about a critical vulnerability (CVE-2024-29849) in Veeam Backup Enterprise Manager (VBEM), a web-based management tool for Veeam...
View ArticleChina-Linked Mustang Panda Targets Vietnamese Entities in Cyber Espionage...
Vietnamese organizations and individuals have become the latest targets of Mustang Panda, a notorious Chinese cyber espionage group. According to recent findings by Cyble Research and Intelligence Labs...
View ArticleCVE-2024-5452: Critical PyTorch Lightning Vulnerability Exposes AI Models to...
A severe remote code execution (RCE) vulnerability has been discovered in PyTorch Lightning, a widely-used framework for accelerating machine learning research and development. The vulnerability,...
View ArticleUNC5537 Threatens Snowflake: Data Theft and Extortion Campaign Exposed
In a recent report, cybersecurity firm Mandiant disclosed a significant cybercrime campaign targeting customers of Snowflake, the cloud-based data warehousing platform. Tracked as UNC5537, this...
View ArticleMultiple Precor Smart Treadmills Vulnerabilities Exposed to Unauthorized Access
IBM X-Force Red, a team of cybersecurity researchers, has uncovered critical vulnerabilities in Precor smart treadmills, raising concerns about user safety and data security. The vulnerabilities,...
View Article