A newly identified denial-of-service attack, named Loop DoS, is causing concerns among cybersecurity experts. This sophisticated attack targets application layer protocols and can lead to large-scale traffic disruptions by creating indefinite communication loops between network services. Researchers at the CISPA…
A sophisticated phishing campaign against U.S. organizations has been deploying a remote access trojan known as NetSupport RAT. Dubbed “Operation PhantomBlu,” the activity has been closely monitored by Israeli cybersecurity firm Perception Point. According to security researcher Ariel Davidpur, the…
A DarkGate malware campaign observed in mid-January 2024 has highlighted the exploitation of a recently patched security flaw in Microsoft Windows as a zero-day vulnerability, utilizing counterfeit software installers to propagate its nefarious payload. Trend Micro reported that during this…
In a recent cyber attack on Nissan Oceania’s systems, around 100,000 individuals in Australia and New Zealand have fallen victim to data theft, possibly orchestrated by the notorious Akira ransomware gang. The breach, which occurred in December 2023, has left…
Microsoft has rolled out its latest batch of security fixes for March 2024 Patch Tuesday, addressing a total of 59 CVE-numbered vulnerabilities. The good news is that none of these vulnerabilities are currently known to be publicly exploited, offering a…
A financially motivated cyber threat, dubbed “Magnet Goblin” by Check Point researchers, is leveraging known vulnerabilities in on public-facing services to distribute tailored malware to unpatched Windows and Linux systems. The Magnet Goblin threat actor, known for their persistent activity,…
The French Prime Minister’s office declared on Monday that several government agencies had fallen victim to severe cyberattacks of “intense” magnitude, commencing late Sunday night. While the precise nature of these assaults remains unconfirmed, indications point towards distributed-denial-of-service (DDoS) attacks…
Cisco unveiled patches aimed at rectifying a high-severity security flaw discovered within its Secure Client software. This vulnerability, identified as CVE-2024-20337, poses a significant risk, allowing malicious actors to exploit it for unauthorized access to VPN sessions of targeted users.…
A new threat has emerged targeting unsuspecting Facebook users. Dubbed “Snake,” this Python-based information stealer is engineered to infiltrate systems and capture sensitive data through Facebook messages. Python-based Snake Info Stealer Variants in the Wild According to Cybereason researcher Kotaro…
Apple has taken measures to address two zero-day vulnerabilities detected in iOS, which were actively exploited in the wild. The tech giant promptly issued emergency security updates to patch the vulnerabilities. CVE-2024-23225 and CVE-2024-23296 Acknowledging the severity of the situation,…
A recent report by Group-IB has unveiled concerning statistics regarding compromised ChatGPT credentials. Between January and October 2023, over 225,000 logs containing these credentials were discovered on underground markets. These compromised credentials were identified within information stealer logs linked to…
Researchers from Palo Alto Networks’ Unit 42 have uncovered a new variant of the long-standing Bifrost remote access trojan (RAT) specifically targeting Linux systems. This latest iteration of Bifrost introduces several innovative evasion techniques, posing a significant challenge to detection…
The rise of generative AI has ushered in a new wave of cyber threats, particularly in the realm of mobile communication. Recent findings from Enea, a leading provider of network security solutions, shed light on the alarming vulnerability of enterprises…
Chinese PC manufacturer Acemagic recently found itself embroiled in controversy after admitting that some of its products were shipped with pre-installed malware. The revelation came to light when YouTuber The Net Guy discovered malware on Acemagic mini PCs during testing…
Cryptocurrency enthusiasts should be on the lookout, as malicious hackers are leveraging popular scheduling applications like Calendly to execute sophisticated scams. Recent reports highlight a concerning trend where attackers impersonate established cryptocurrency investors, initiating meetings through Calendly, ultimately leading to…
A concerning security vulnerability within a widely-used WordPress plugin, LiteSpeed Cache, has been detected. Tracked as CVE-2023-40000, this vulnerability has raised alarms due to its potential to enable unauthenticated users to escalate their privileges, posing significant risks to countless WordPress…
Cybersecurity and intelligence agencies from the Five Eyes nations have issued a joint advisory shedding light on the evolving tactics of the notorious Russian state-sponsored threat actor, APT29. This hacking entity, known by various aliases including BlueBravo, Cloaked Ursa, Cozy…
The revelation of a critical security loophole within the widely deployed WordPress plugin, Ultimate Member, has sent shockwaves through the online community. Tracked as CVE-2024-1071 and discovered by security researcher Christiaan Swiers, this vulnerability has a staggering CVSS score of…
Details have emerged about a high-severity security flaw in Apple‘s Shortcuts app. This vulnerability, tracked as CVE-2024-23204, has the potential to grant shortcuts unauthorized access to sensitive data without user consent. Apple Shortcuts is an automation application for macOS and…
Two authentication bypass vulnerabilities were uncovered in open-source Wi-Fi software utilized across Android, Linux, and ChromeOS devices. These vulnerabilities, identified as CVE-2023-52160 and CVE-2023-52161, present a concerning scenario where users could unwittingly connect to malicious networks or allow unauthorized access…
