Citrix Alerts on Global Password Spraying Campaigns Targeting NetScaler...
Citrix has issued an advisory highlighting an increase in password spraying attacks aimed at NetScaler appliances worldwide. These attacks exploit authentication endpoints, causing significant...
View ArticleStealth, Persistence, and Privilege Escalation: A Sophisticated PUMAKIT Linux...
Elastic Security Labs has uncovered “PUMAKIT,” a sophisticated multi-stage malware targeting Linux systems. Initially discovered during routine threat hunting on VirusTotal, PUMAKIT exemplifies...
View ArticleMultiple Critical Vulnerabilities Expose GLPI to Widespread Attacks
A series of critical security vulnerabilities have been discovered in GLPI (Gestionnaire Libre de Parc Informatique), a widely used open-source IT asset management and service desk software. These...
View ArticleThe Zero-Detection PHP Backdoor Glutton Exposed
A discovery by XLab has detailed Glutton, a stealthy PHP backdoor targeting both traditional organizations and the cybercrime ecosystem itself. According to XLab’s analysis, Glutton represents a new...
View Article336,000 Prometheus Servers at Risk: Urgent Security Alert
In a recent investigation, Aqua Nautilus uncovered alarming security vulnerabilities within the Prometheus ecosystem. Their research highlights critical flaws spanning information disclosure,...
View ArticlePasskeys: Microsoft’s Solution to 7,000 Password Attacks Per Second
The password era is coming to an end, and Microsoft is leading the charge with passkeys, a next-generation authentication method designed to enhance both security and user experience. In a... The post...
View ArticleCVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN
X41 D-Sec GmbH, a leading cybersecurity firm, has completed a white-box penetration test of the Mullvad VPN application, revealing several vulnerabilities, including one rated as “critical” and two...
View ArticleGoogle Ads Abused in Graphic Design Malvertising Attack
Silent Push Threat Analysts have revealed a widespread malvertising campaign exploiting Google Ads to target graphic design professionals. This ongoing operation, active since November, utilizes...
View ArticleRussian APT “Secret Blizzard” Leverages Cybercriminal Tools in Ukraine Attacks
A new report from Microsoft Threat Intelligence reveals that the Russian state-sponsored threat actor known as Secret Blizzard (also tracked as Turla, Waterbug, Venomous Bear, Snake, Turla Team, and...
View ArticleCVE-2024-45337: Golang Crypto Library Flawed, Risks Authorization Bypass
A critical security vulnerability, tracked as CVE-2024-45337 (CVSS 9.1), has been discovered in the Golang cryptography library. This flaw stems from the misuse of the ServerConfig.PublicKeyCallback...
View ArticleOpen Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover
In a critical revelation highlighting the vulnerabilities of IoT ecosystems, Team82 has published a report detailing 10 security flaws in Ruijie Networks’ Reyee cloud management platform and its...
View ArticleCVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released
A critical vulnerability in the Spring Framework, tracked as CVE-2024-38819 (CVSS score 7.5), has been publicly disclosed, along with a proof-of-concept (PoC) exploit. This flaw allows attackers to...
View ArticleHackers Hack Hackers: MUT-1244 Steals Credentials in Deceptive GitHub Attack
According to Datadog Security Labs, a cybercriminal group known as MUT-1244 has launched a sophisticated attack campaign that successfully compromised not only regular users but also other hackers and...
View ArticleCVE-2024-51466 (CVSS 9.0): Critical Vulnerability Found in IBM Cognos Analytics
IBM has disclosed two severe vulnerabilities in its Cognos Analytics platform that could compromise sensitive data and system integrity. These vulnerabilities, identified as CVE-2024-51466 and...
View ArticleFrom .NET to C++: BellaCiao Malware Evolves with BellaCPP
Kaspersky has uncovered a fresh variant of the BellaCiao malware family—BellaCPP—marking a shift from .NET to C++ in its development. First appearing in April 2023, BellaCiao is a .NET-based malware......
View ArticleNotLockBit: New Cross-Platform Ransomware Threatens Windows and macOS
Pranita Pradeep Kulkarni, Senior Engineer in Threat Research at Qualys, has detailed a new ransomware strain dubbed NotLockBit, which mimics the notorious LockBit ransomware while introducing unique...
View ArticleCybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns
Cybercriminals are targeting corporate executives with highly advanced mobile spear phishing attacks, leveraging sophisticated evasion techniques and exploiting the inherent vulnerabilities of mobile...
View ArticleNew Skuld Infostealer Campaign Unveiled in npm Ecosystem
The npm ecosystem has been infiltrated once more by the persistent Skuld infostealer, a notorious malware strain targeting developers with deceptive packages. Socket’s threat research team unveiled...
View ArticleLNK Files and SSH Commands: The New Arsenal of Advanced Cyber Attacks
A recent report by Cyble Research and Intelligence Labs (CRIL) unveils a troubling trend: threat actors are increasingly leveraging LNK files and SSH commands as stealthy tools to orchestrate...
View ArticleLazarus Group’s Evolving Arsenal: New Malware and Infection Chains Unveiled
In a recent analysis by Kaspersky Labs, the infamous Lazarus Group continues to refine its strategies, blending old tactics with new malware to create advanced and stealthy attack chains. Dubbed... The...
View Article