CVE-2024-52335 (CVSS 9.8): Siemens Healthineers Addresses Critical Flaw in...
Siemens Healthineers has released a critical security update to address an unauthenticated SQL injection vulnerability in its syngo.plaza VB30E medical imaging software. The vulnerability, identified...
View ArticleMicrosoft Strengthens Default Security Posture Against NTLM Relay Attacks
Microsoft has announced significant enhancements to its default security configuration, aimed at mitigating the risk of NTLM relay attacks across its ecosystem. In a recent blog post, the company...
View ArticleResearcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS
Jamf Threat Labs has identified a vulnerability in Apple’s Transparency, Consent, and Control (TCC) security framework. Designated as CVE-2024-44131, this flaw enables malicious applications to bypass...
View ArticleIvanti Connect Secure and Policy Secure Updates Address Critical Vulnerabilities
Ivanti, a leader in unified endpoint and enterprise service management, has issued patches for several high and critical vulnerabilities affecting its Connect Secure and Policy Secure solutions. These...
View ArticleUAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense...
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a security advisory (CERT-UA#12414) detailing a sophisticated phishing campaign targeting organizations within Ukraine’s defense...
View ArticleCVE-2024-11639 (CVSS 10) – Critical Flaw in Ivanti Cloud Services...
Ivanti, a leading provider of IT management and security solutions, has released critical security updates for the Ivanti Cloud Services Application (CSA). These updates address vulnerabilities that...
View ArticleOperation Digital Eye: Chinese APT Exploits Visual Studio Code Tunnels in...
In a sophisticated cyberespionage campaign dubbed Operation Digital Eye, SentinelOne and Tinexta Cyber uncovered activities linked to a Chinese Advanced Persistent Threat (APT) group targeting large...
View ArticleCVE-2020-12271 Exploited: FBI Seeks Chinese Hacker Behind 81,000 Device Breach
The US Department of Justice announced the unsealing of an indictment against Guan Tianfeng, a Chinese national associated with Sichuan Silence Information Technology Co. Ltd., for his alleged role...
View ArticleAndroid Users Targeted: AppLite Trojan Disguised as Popular Apps
zLabs has uncovered AppLite, a sophisticated new variant of the AntiDot banking trojan, targeting Android devices through a wide-reaching phishing campaign. This malware, disguised as legitimate apps...
View ArticleCVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code...
A critical vulnerability has been discovered in the Splunk Secure Gateway app that could allow a low-privileged user to execute arbitrary code on vulnerable systems. The vulnerability, identified as...
View ArticleChatGPT and Sora Go Offline: OpenAI Scrambles to Restore Service Amid Global...
In a sudden and unexpected turn of events, OpenAI’s ChatGPT, the AI chatbot that has taken the world by storm, is experiencing a major global outage. The disruption, which began... The post ChatGPT and...
View ArticleCVE-2024-11274: GitLab Vulnerability Exposes User Accounts
GitLab has issued an important security update addressing a range of vulnerabilities affecting multiple versions of its platform. The update, which includes versions 17.6.2, 17.5.4, and 17.4.6 for...
View ArticleMalicious npm Package Mimics ESLint Plugin, Steals Sensitive Data
A recent report by the Socket Research Team uncovers a sophisticated typosquatting attack targeting developers using the popular @typescript-eslint/eslint-plugin. The legitimate...
View ArticleZloader Trojan Employs Novel DNS Tunneling Protocol for Enhanced Evasion
Zloader, the modular Trojan with roots in the infamous Zeus malware, has once again evolved, presenting a new and sophisticated challenge to cybersecurity professionals. ThreatLabz, the security...
View ArticleBadRAM Vulnerability (CVE-2024-21944): Researchers Uncover Security Flaw in...
A collaborative research effort has exposed a significant vulnerability, designated CVE-2024-21944 and named “BadRAM,” that undermines the integrity of AMD’s Secure Encrypted Virtualization (SEV)...
View Article“Aggressive Inventory Zombies”: Unmasking a Massive Phishing and...
Silent Push Threat Analysts have shed light on a large-scale phishing and pig-butchering network targeting retail brands and cryptocurrency users. Dubbed “Aggressive Inventory Zombies” (AIZ), this...
View ArticlePoC Exploit Code Releases Cleo Zero-Day Vulnerability (CVE-2024-50623)
Organizations using Cleo file transfer software are urged to take immediate action as a critical vulnerability, CVE-2024-50623, is being actively exploited in the wild. This zero-day flaw affects Cleo...
View ArticleCVE-2024-53677 (CVSS 9.5): Critical Vulnerability in Apache Struts Allows...
Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow...
View ArticleEagleMsgSpy: Unmasking a Sophisticated Chinese Surveillance Tool
Researchers at the Lookout Threat Lab have identified a sophisticated surveillance tool, dubbed EagleMsgSpy, reportedly used by law enforcement agencies in mainland China. The tool, operational since...
View ArticleOperation PowerOFF: Europol Cracks Down on Global DDoS-for-Hire Platforms
Law enforcement worldwide has delivered a significant blow to cybercriminals with Operation PowerOFF, an international effort led by Europol to dismantle Distributed Denial-of-Service (DDoS)-for-hire...
View Article