The revelation of a critical security loophole within the widely deployed WordPress plugin, Ultimate Member, has sent shockwaves through the online community. Tracked as CVE-2024-1071 and discovered by security researcher Christiaan Swiers, this vulnerability has a staggering CVSS score of…
Details have emerged about a high-severity security flaw in Apple‘s Shortcuts app. This vulnerability, tracked as CVE-2024-23204, has the potential to grant shortcuts unauthorized access to sensitive data without user consent. Apple Shortcuts is an automation application for macOS and…
Two authentication bypass vulnerabilities were uncovered in open-source Wi-Fi software utilized across Android, Linux, and ChromeOS devices. These vulnerabilities, identified as CVE-2023-52160 and CVE-2023-52161, present a concerning scenario where users could unwittingly connect to malicious networks or allow unauthorized access…
A sophisticated malware campaign dubbed Migo was recently uncovered, strategically targeting Redis servers to infiltrate Linux hosts for cryptocurrency mining. This latest discovery sheds light on the evolving tactics of cybercriminals in exploiting cloud-based services for malicious purposes. Migo Malware:…
Fingerprint authentication has widespread adoption in identity verification systems owing to its speed and cost-efficiency. However, the risk of fingerprint leakage poses serious security concerns, as outlined in a new research paper called “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication…
Law enforcement agencies from 11 countries have joined forces to dismantle the notorious LockBit ransomware operation in a collaborative effort known as Operation Cronos. This coordinated action marks a significant blow against cybercriminal activity, with the National Crime Agency of…
Google is rolling out a new feature aimed at thwarting malicious websites from exploiting vulnerabilities within users’ internal networks. This innovative safeguard is designed to shield devices such as printers and routers, traditionally deemed safe within home networks, from potential…
Among the latest developments in the field of ransomware innovations is the emergence of ‘MrAgent,’ a new tool unleashed by the RansomHouse ransomware operation. The tool is designed to automate the deployment of the data encrypter across multiple VMware ESXi…
A Chinese-speaking threat actor known as GoldFactory has emerged as a significant player, responsible for the development of highly sophisticated banking trojans. Among its arsenal is a previously undocumented iOS malware named GoldPickaxe, capable of extracting sensitive personal data including…
Microsoft has confirmed the exploitation of a critical security vulnerability in Exchange Server which was addressed in February 2024 Patch Tuesday. This acknowledgment comes just a day after the company issued fixes for the flaw as part of its routine…
Microsoft’s February 2024 Patch Tuesday is already a fact, bringing forth a number of security updates. This month’s release addresses a total of 73 flaws, with a particular focus on tackling two actively exploited zero-day vulnerabilities that have been causing…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a vulnerability in the Roundcube email software to its Known Exploited Vulnerabilities (KEV). Identified as CVE-2023-43770 with a CVSS score of 6.1, this cross-site scripting (XSS) vulnerability has been actively…
Recent iterations of the Raspberry Robin malware have raised alarm among cybersecurity experts due to their increased stealth and utilization of one-day (n-day, or known) exploits targeting vulnerable systems. These exploits, designed to leverage recently patched vulnerabilities, capitalize on delays…
Security researchers have uncovered a new sophisticated backdoor targeting macOS and dubbed RustDoor also known as Trojan.MAC.RustDoor. Operative since November 2023, this malicious software, identified by Bitdefender, operates under the guise of a Microsoft Visual Studio update, posing a grave…
Hyundai Motor Europe, the European division of Hyundai Motor Company, headquartered in Germany, has fallen victim to a devastating double extortion ransomware attack. The attack, perpetrated by the Black Basta ransomware gang, has resulted in the theft of three terabytes…
Fortinet has recently uncovered a critical security vulnerability, designated as CVE-2024-21762, within its FortiOS SSL VPN software. This flaw, with a severity score of 9.6 on the CVSS scale, enables remote attackers to execute arbitrary code or commands via specially…
The developers behind shim, the essential software component utilized as a first-stage boot loader on UEFI systems, have recently unveiled version 15.8, aiming to rectify six security vulnerabilities. Among them, a critical bug poses a severe threat, potentially enabling remote…
JetBrains, the renowned developer of integrated development environments, has issued a critical alert urging all customers to update their TeamCity On-Premises servers. CVE-2024-23917 Should Be Patched Urgently The urgency stems from a severe authentication bypass vulnerability, tracked as CVE-2024-23917, discovered…
Trustwave SpiderLabs’ recent report uncovered the usage of fake Facebook job ads to lure victims into installing a new Windows-based stealer malware called Ov3r_Stealer. Ov3r_Stealer Malware Modus Operandi Ov3r_Stealer is a multifaceted malware designed to steal sensitive information such as…
A critical server-side request forgery vulnerability (CVE-2024-21893), affecting Ivanti Connect Secure and Policy Secure products has been exploited at an alarming scale, raising significant concerns in the cybersecurity community. The Shadowserver Foundation reported a surge in exploitation attempts, originating from…
