Complex RCE Vulnerability (CVE-2023-39143) in PaperCut Application Ser...
Complex RCE Vulnerability (CVE-2023-39143) in PaperCut Application Servers PaperCut NG and PaperCut MF are extensively utilized software solutions for print management servers. CVE-2023-39143 refers t...
Critical Microsoft Power Platform Vulnerability: Proactive Security Me...
Critical Microsoft Power Platform Vulnerability: Proactive Security Methods to Prevent Exploitation Microsoft fixed a critical vulnerability in its Power Platform after facing criticism for the delaye...
Threat Actors Employ New Phishing Tactic Using Google AMP
Threat Actors Employ New Phishing Tactic Using Google AMP Researchers have uncovered a highly effective phishing tactic, which utilizes Google AMP (Accelerated Mobile Pages). Google AMP is an open-sou...
Living Off the Land (LOTL): The Invisible Cyber Threat Lurking in Your...
Living Off the Land (LOTL): The Invisible Cyber Threat Lurking in Your System [Update] January 10, 2024: “Countering Living Off the Land (LOTL) Attack Methods with AI and ML” ...
Top 10 Ransomware Demands
Top 10 Ransomware Demands In cyberspace, few threats rival ransomware attacks’ pervasive and destructive nature. As our interconnected world grows, these digital extortionists demonstrate unpara...
P2Pinfect: A Worm-Like Botnet Malware Targeting Redis Deployments
P2Pinfect: A Worm-Like Botnet Malware Targeting Redis Deployments Researchers have identified an unknown group of hackers employing a novel strain of malware named “P2Pinfect” to target pu...
DepositFiles Config File Exposes Multiple Databases: Users’ Privacy at...
DepositFiles Config File Exposes Multiple Databases: Users’ Privacy at Risk DepositFiles, a well-known web hosting service, left its environment configuration file publicly accessible, leading to unau...
Android Vulnerabilities That Do Not Get Fixed Function as a Zero-Day
Android Vulnerabilities That Do Not Get Fixed Function as a Zero-Day Maddie Stone of Google’s Threat Analysis Group (TAG) authored the fourth annual year-in-review of zero-day vulnerabilities that att...
Collective Security in Cyberspace with NATO
Collective Security in Cyberspace with NATO The North Atlantic Treaty Organization (NATO) is an intergovernmental military alliance formed to ensure collective defense and security for its member nati...
New Advanced Attack Technique Exploiting “search-ms” URI Protocol Hand...
New Advanced Attack Technique Exploiting “search-ms” URI Protocol Handler The Windows operating system boasts a robust search feature for locating files and folders; there also is a less-known element...
Nitrogen: A Malware Campaign Leveraging Search Ads
Nitrogen: A Malware Campaign Leveraging Search Ads Researchers have uncovered a new initial access malware campaign dubbed “Nitrogen”. This campaign employs Google and Bing search ads to promote fake ...
The Phishing Risks of Twitter's Name Change to X
The Phishing Risks of Twitter’s Name Change to X In today’s digital playground, social media swings both ways, offering a fun-filled space for individuals to connect and share, while also ...
Russia-Linked APT Group Gamaredon Starting Extortion 30-50 Minutes Aft...
Russia-Linked APT Group Gamaredon Starting Extortion 30-50 Minutes After First Initial Access The threat group, Gamaredon, linked to Russia, has been observed engaging in data exfiltration activities ...
VMware Responses to the Critical CVE-2023-20891 Vulnerability Exposing...
VMware Responses to the Critical CVE-2023-20891 Vulnerability Exposing CF API Admin Credentials Virtual machines have revolutionized the world of cybersecurity, offering a myriad of benefits to cybers...
RCE Vulnerability in OpenSSH’s SSH-Agent Forwarding: CVE-2023-38408
RCE Vulnerability in OpenSSH’s SSH-Agent Forwarding: CVE-2023-38408 SSH-Agent is a widely used program that holds private keys for public key authentication, providing a secure and convenient way to l...
Critical Zero-Day in Ivanti EPMM (Formerly MobileIron Core) Is Activel...
Critical Zero-Day in Ivanti EPMM (Formerly MobileIron Core) Is Actively Exploited (CVE-2023-35078) Ivanti, a U.S. IT software company, has resolved an actively exploited zero-day authentication bypass...
Critical Vulnerabilities in Atlassian and Apple Products: Apple Zero-D...
Critical Vulnerabilities in Atlassian and Apple Products: Apple Zero-Day Actively Exploited (CVE-2023-38606) Atlassian and Apple have each promptly addressed critical vulnerabilities threatening their...
Zero-Days (CVE-2023-26077, CVE-2023-26078) in Atera Windows Installers
Zero-Days (CVE-2023-26077, CVE-2023-26078) in Atera Windows Installers Recent revelations have exposed critical zero-day vulnerabilities in Atera Windows installers. Cyber attackers could potentially ...
Google Partially Patches Cloud Build’s Critical Design Flaw: Bad.Build...
Google Partially Patches Cloud Build’s Critical Design Flaw: Bad.Build Researchers discovered a critical security design flaw in Google Cloud Build, which they dubbed as “Bad.Build”. The d...
First-Known Targeted Open-Source Supply Chain Attacks Strike the Banki...
First-Known Targeted Open-Source Supply Chain Attacks Strike the Banking Sector The cybersecurity threat landscape continues to witness new and sophisticated threats, and the banking sector is no exce...