Apple has taken measures to address two zero-day vulnerabilities detected in iOS, which were actively exploited in the wild. The tech giant promptly issued emergency security updates to patch the vulnerabilities. CVE-2024-23225 and CVE-2024-23296 Acknowledging the severity of the situation,…
A recent report by Group-IB has unveiled concerning statistics regarding compromised ChatGPT credentials. Between January and October 2023, over 225,000 logs containing these credentials were discovered on underground markets. These compromised credentials were identified within information stealer logs linked to…
Researchers from Palo Alto Networks’ Unit 42 have uncovered a new variant of the long-standing Bifrost remote access trojan (RAT) specifically targeting Linux systems. This latest iteration of Bifrost introduces several innovative evasion techniques, posing a significant challenge to detection…
The rise of generative AI has ushered in a new wave of cyber threats, particularly in the realm of mobile communication. Recent findings from Enea, a leading provider of network security solutions, shed light on the alarming vulnerability of enterprises…
Chinese PC manufacturer Acemagic recently found itself embroiled in controversy after admitting that some of its products were shipped with pre-installed malware. The revelation came to light when YouTuber The Net Guy discovered malware on Acemagic mini PCs during testing…
Cryptocurrency enthusiasts should be on the lookout, as malicious hackers are leveraging popular scheduling applications like Calendly to execute sophisticated scams. Recent reports highlight a concerning trend where attackers impersonate established cryptocurrency investors, initiating meetings through Calendly, ultimately leading to…
A concerning security vulnerability within a widely-used WordPress plugin, LiteSpeed Cache, has been detected. Tracked as CVE-2023-40000, this vulnerability has raised alarms due to its potential to enable unauthenticated users to escalate their privileges, posing significant risks to countless WordPress…
Cybersecurity and intelligence agencies from the Five Eyes nations have issued a joint advisory shedding light on the evolving tactics of the notorious Russian state-sponsored threat actor, APT29. This hacking entity, known by various aliases including BlueBravo, Cloaked Ursa, Cozy…
The revelation of a critical security loophole within the widely deployed WordPress plugin, Ultimate Member, has sent shockwaves through the online community. Tracked as CVE-2024-1071 and discovered by security researcher Christiaan Swiers, this vulnerability has a staggering CVSS score of…
Details have emerged about a high-severity security flaw in Apple‘s Shortcuts app. This vulnerability, tracked as CVE-2024-23204, has the potential to grant shortcuts unauthorized access to sensitive data without user consent. Apple Shortcuts is an automation application for macOS and…
Two authentication bypass vulnerabilities were uncovered in open-source Wi-Fi software utilized across Android, Linux, and ChromeOS devices. These vulnerabilities, identified as CVE-2023-52160 and CVE-2023-52161, present a concerning scenario where users could unwittingly connect to malicious networks or allow unauthorized access…
Fingerprint authentication has widespread adoption in identity verification systems owing to its speed and cost-efficiency. However, the risk of fingerprint leakage poses serious security concerns, as outlined in a new research paper called “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication…
Law enforcement agencies from 11 countries have joined forces to dismantle the notorious LockBit ransomware operation in a collaborative effort known as Operation Cronos. This coordinated action marks a significant blow against cybercriminal activity, with the National Crime Agency of…
Google is rolling out a new feature aimed at thwarting malicious websites from exploiting vulnerabilities within users’ internal networks. This innovative safeguard is designed to shield devices such as printers and routers, traditionally deemed safe within home networks, from potential…
Among the latest developments in the field of ransomware innovations is the emergence of ‘MrAgent,’ a new tool unleashed by the RansomHouse ransomware operation. The tool is designed to automate the deployment of the data encrypter across multiple VMware ESXi…
A Chinese-speaking threat actor known as GoldFactory has emerged as a significant player, responsible for the development of highly sophisticated banking trojans. Among its arsenal is a previously undocumented iOS malware named GoldPickaxe, capable of extracting sensitive personal data including…
Microsoft has confirmed the exploitation of a critical security vulnerability in Exchange Server which was addressed in February 2024 Patch Tuesday. This acknowledgment comes just a day after the company issued fixes for the flaw as part of its routine…
Microsoft’s February 2024 Patch Tuesday is already a fact, bringing forth a number of security updates. This month’s release addresses a total of 73 flaws, with a particular focus on tackling two actively exploited zero-day vulnerabilities that have been causing…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a vulnerability in the Roundcube email software to its Known Exploited Vulnerabilities (KEV). Identified as CVE-2023-43770 with a CVSS score of 6.1, this cross-site scripting (XSS) vulnerability has been actively…
Recent iterations of the Raspberry Robin malware have raised alarm among cybersecurity experts due to their increased stealth and utilization of one-day (n-day, or known) exploits targeting vulnerable systems. These exploits, designed to leverage recently patched vulnerabilities, capitalize on delays…
