FlowerStorm Seizes Opportunity as Rockstar2FA Crumbles
Despite its popularity, the phishing-as-a-service platform Rockstar2FA suffered a partial collapse in November 2024 due to technical issues, allowing the new phishing toolkit FlowerStorm to emerge,...
View ArticlePegasus Spyware: Court Finds NSO Group Liable for 1,400 Infections
A California court has ruled that Israeli firm NSO Group is liable for hacking into WhatsApp and deploying its notorious Pegasus spyware. The ruling, delivered by Judge Phyllis Hamilton in... The post...
View ArticleNodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager
The NodeStealer malware, first identified as a JavaScript-based threat, has undergone a transformation into a Python-based infostealer, expanding its capabilities to harvest a broader range of...
View ArticleDigiEver DVR Vulnerability Under Attack by Hail Cock Botnet
Akamai Security Intelligence Research Team (SIRT) has uncovered a vulnerability in DigiEver DS-2105 Pro DVRs is being actively exploited by the Hail Cock botnet, a Mirai variant enhanced with modern......
View ArticleCVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS,...
Security researchers at Assetnote have disclosed a critical vulnerability (CVE-2024-56145) in Craft CMS, a widely-used PHP-based content management system. This flaw, assigned a CVSS score of 9.3,...
View ArticleCVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability
The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability...
View ArticleDutch DPA Fines Netflix €4.75 Million for GDPR Violations
Streaming giant Netflix has been hit with a hefty fine by the Dutch Data Protection Authority (Dutch DPA) for failing to provide clear and sufficient information to customers about how... The post...
View ArticleGoogle’s Search Dominance Under Fire in Japan
Google finds itself in hot water with regulators yet again, this time in Japan. The nation’s Fair Trade Commission (JFTC) is poised to rule that the tech giant has violated... The post Google’s Search...
View ArticleCybercriminals Exploit Cracked Acunetix Scanner for Malicious Attacks
Cybercriminals are increasingly weaponizing cracked versions of legitimate vulnerability scanning tools, like the Araneida Scanner, for malicious activities, according to Silent Push Threat Analysts....
View ArticleRspack Supply Chain Attack Injects Cryptojacking Malware Into npm Ecosystem
The Rspack ecosystem, known for its high-performance JavaScript bundler written in Rust, has become the latest victim of a supply chain attack. The breach impacted two widely used npm packages,... The...
View ArticleCVE-2021-44207: Vulnerability in Acclaim USAHERDS Actively Exploited, CISA Warns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm on a critical security flaw impacting the Acclaim USAHERDS web application. This vulnerability, officially tracked...
View ArticleWikiKit Phishing Kit Targets Major Industries with Evasive Techniques
TRAC Labs recently unveiled a new phishing kit, named WikiKit, which is targeting industries across automotive, manufacturing, medical, and more. This sophisticated attack employs unique techniques to...
View Article“Holy League” Hacktivist Group Emerges, Targets West
Radware’s latest report unveils the emergence of the Holy League—a hacktivist formed in July 2024. This group is the result of a strategic merger between the pro-Russian High Society and... The post...
View ArticlePoC Exploit Emerges for Adobe ColdFusion CVE-2024-53961—Apply Security...
Adobe has released urgent security updates to address a critical vulnerability in ColdFusion versions 2023 and 2021. This vulnerability, identified as CVE-2024-53961, could allow attackers to read...
View ArticleCVE-2024-53552 (CVSS 9.8): CrushFTP Flaw Exposes Users to Account Takeover
CrushFTP, a popular file transfer server known for its robust features and user-friendly interface, has issued an urgent security advisory regarding a critical vulnerability that could lead to account...
View ArticleCVE-2024-56334: Command Injection Flaw Exposes Millions of Node.js Systems to...
A severe command injection vulnerability (CVE-2024-56334) has been identified in the widely used Node.js system information package, which has over 8 million monthly downloads and a staggering 330...
View ArticleCVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers...
The popular web-based system administration tool, Webmin, has been found to harbor a critical security vulnerability (CVE-2024-12828) that could allow attackers to seize control of servers. With an...
View ArticlePoC Exploit Released for CVE-2024-30085: Windows Elevation of Privilege...
Security researcher Alex Birnberg with SSD Secure Disclosure published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-30085 – a Windows Cloud Files Mini Filter Driver...
View ArticleWordPress.org Free Services Suspended: What It Means for Users and Developers
Matt Mullenweg, WordPress co-founder and Automattic CEO, has pulled the plug on several key services for free WordPress.org users. New account registrations, plugin/theme submissions, and even photo...
View ArticleGlobal Cyber Collaboration Takes Down PlugX Worm
In an unprecedented effort to combat malware, the Sekoia Threat Detection & Research team spearheaded a campaign to disinfect thousands of systems infected with the PlugX worm. This malware,...
View Article