TL;DR: MITRE CVE Program Funding Expiration – What CISOs Must Know
Apr 17, 2025
Categories
Top Articles
BidenCash Dark Web Market Leaks Nearly One Million Credit Cards
Apr 16, 2025
BreachForums is Offline: A New Twist or Just Another Cyber Shenanigan?
Apr 16, 2025
Critical Fortinet Vulnerability (CVE-2024-48887) Puts FortiSwitch Admin Credentials at Risk
Apr 10, 2025
April 2025 Patch Tuesday: Microsoft Addresses 126 Vulnerabilities Including Actively Exploited CLFS Zero-Day
Apr 09, 2025
Jan 10, 2025
Major Cyber Attacks in Review: December 2024
Major Cyber Attacks in Review: December 2024 December 2024 saw a series of significant cyber attacks that targeted multiple industries, from healthcare to telecommunications. Ransomware groups like Bl...
Learn More
Jan 09, 2025
Ivanti Zero-Day Exploited in Connect Secure, SonicWall SSL VPN and SSH...
Ivanti Zero-Day Exploited in Connect Secure, SonicWall SSL VPN and SSH Vulnerabilities, KerioControl Flaw [Update] February 17, 2025: “SPAWNCHIMERA Malware Actively Exploiting CVE-2025-0282̶...
Learn More
Jan 08, 2025
Gravy Analytics Breach Puts Millions of Location Records at Risk and H...
Gravy Analytics Breach Puts Millions of Location Records at Risk and Highlights Privacy Threats In an alarming security event, Gravy Analytics, a location data broker, has allegedly fallen victim to a...
Learn More
Jan 07, 2025
Turla Cyber Campaign Targeting Pakistan's Critical Infrastructure
Turla Cyber Campaign Targeting Pakistan’s Critical Infrastructure Among the most notorious cyber threat actors, the Turla group has garnered attention for its sophisticated and complex cyber att...
Learn More
Jan 06, 2025
Black Basta’s Tactical Evolution: Deploying Zbot, DarkGate, and Bespok...
Black Basta’s Tactical Evolution: Deploying Zbot, DarkGate, and Bespoke Malware In the ever-escalating landscape of cyber threats, Black Basta has emerged as a formidable ransomware group, continually...
Learn More
Jan 03, 2025
Cerberus Unchained: The Multi-Stage Trojan Banking Campaign Targeting ...
Cerberus Unchained: The Multi-Stage Trojan Banking Campaign Targeting Android Devices The Cerberus Android banking trojan has reemerged in a sophisticated multi-stage attack campaign targeting banking...
Learn More
Jan 03, 2025
The WarmCookie Malware Campaign: A Sneaky Threat Posed by Fake Browser...
The WarmCookie Malware Campaign: A Sneaky Threat Posed by Fake Browser Updates The WarmCookie malware campaign poses a significant threat by deceiving users into downloading malicious software under t...
Learn More
Jan 02, 2025
Critical Vulnerabilities in Progress WhatsUp Gold (CVE-2024-12108, CVE...
Critical Vulnerabilities in Progress WhatsUp Gold (CVE-2024-12108, CVE-2024-12106); PoC Available for Oracle WebLogic Flaw Three severe vulnerabilities have recently been uncovered in WhatsUp Gold, a ...
Learn More
Dec 31, 2024
ClickFix Campaign: Fake Google Meet Alerts Spread Malware Across Windo...
ClickFix Campaign: Fake Google Meet Alerts Spread Malware Across Windows and macOS The ClickFix campaign represents a sophisticated use of social engineering to deploy malware across both Windows and ...
Learn More
Dec 31, 2024
Water Makara Campaign: A Sophisticated Spear-Phishing Attack on Brazil...
Water Makara Campaign: A Sophisticated Spear-Phishing Attack on Brazilian Enterprises The Water Makara campaign is a highly sophisticated spear-phishing attack aimed specifically at Brazilian organiza...
Learn More
Dec 31, 2024
Chinese State-Sponsored Threat Actors Breach U.S. Treasury Department ...
Chinese State-Sponsored Threat Actors Breach U.S. Treasury Department in Major Cybersecurity Incident [Update] January 7, 2025: “CISA Provides Update on U.S. Treasury Breach” Chinese state-sponsored ...
Learn More
Dec 31, 2024
Four-Faith Routers Exploited Through CVE-2024-12856 Vulnerability
Four-Faith Routers Exploited Through CVE-2024-12856 Vulnerability A newly discovered vulnerability, tracked as CVE-2024-12856, is actively being exploited in Four-Faith routers. This vulnerability all...
Learn More
Dec 30, 2024
Phishing Attack Compromises Cyberhaven’s Chrome Extension, Impacts Tho...
Phishing Attack Compromises Cyberhaven’s Chrome Extension, Impacts Thousands – What You Need to Know [Update] January 2, 2025: “New Details on the Chrome Extension Phishing Attack” A significant cyber...
Learn More
Dec 27, 2024
Severe Vulnerability in Palo Alto Networks PAN-OS Exposes Firewalls to...
Severe Vulnerability in Palo Alto Networks PAN-OS Exposes Firewalls to Denial of Service (CVE-2024-3393) [Update] December 31, 2024: CVE-2024-3393 has been added to the CISA KEV catalog* Palo Alto Net...
Learn More
Dec 25, 2024
DarkVision RAT: A Persistent Threat Delivered via PureCrypter
DarkVision RAT: A Persistent Threat Delivered via PureCrypter The DarkVision RAT malware campaign leverages the PureCrypter loader to infiltrate networks and compromise data across multiple sectors. D...
Learn More
Dec 24, 2024
Severe Path Traversal Vulnerability in Adobe ColdFusion (CVE-2024-5396...
Severe Path Traversal Vulnerability in Adobe ColdFusion (CVE-2024-53961), Update Now A critical vulnerability in Adobe ColdFusion versions 2023 and 2021 has prompted urgent security updates. Alarmingl...
Learn More
Dec 20, 2024
BeyondTrust Security Incident — Command Injection and Escalation Weakn...
BeyondTrust Security Incident — Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) [Update] January 14, 2025: “CVE-2024-12686 Enters the KEV Catalog” BeyondTrust’...
Learn More
Dec 20, 2024
Sophos Firewall Update Resolves RCE and Privilege Escalation Vulnerabi...
Sophos Firewall Update Resolves RCE and Privilege Escalation Vulnerabilities (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) Recent security patches for Sophos Firewall address several serious vulner...
Learn More
Dec 19, 2024
Critical Path Traversal in FortiWLM (CVE-2023-34990) Permits Code Exec...
Critical Path Traversal in FortiWLM (CVE-2023-34990) Permits Code Execution; Next.js Auth Bypass (CVE-2024-51479) Fortinet and the popular React framework Next.js have recently addressed serious secur...
Learn More
Dec 19, 2024
The Year of Takedowns: Significant Law Enforcement Operations of 2024
The Year of Takedowns: Significant Law Enforcement Operations of 2024 As 2024 comes to a close, the global fight against cybercrime has witnessed a series of groundbreaking law enforcement operations ...
Learn More
