Cisco unveiled patches aimed at rectifying a high-severity security flaw discovered within its Secure Client software. This vulnerability, identified as CVE-2024-20337, poses a significant risk, allowing malicious actors to exploit it for unauthorized access to VPN sessions of targeted users.…
A new threat has emerged targeting unsuspecting Facebook users. Dubbed “Snake,” this Python-based information stealer is engineered to infiltrate systems and capture sensitive data through Facebook messages. Python-based Snake Info Stealer Variants in the Wild According to Cybereason researcher Kotaro…
Apple has taken measures to address two zero-day vulnerabilities detected in iOS, which were actively exploited in the wild. The tech giant promptly issued emergency security updates to patch the vulnerabilities. CVE-2024-23225 and CVE-2024-23296 Acknowledging the severity of the situation,…
A recent report by Group-IB has unveiled concerning statistics regarding compromised ChatGPT credentials. Between January and October 2023, over 225,000 logs containing these credentials were discovered on underground markets. These compromised credentials were identified within information stealer logs linked to…
Researchers from Palo Alto Networks’ Unit 42 have uncovered a new variant of the long-standing Bifrost remote access trojan (RAT) specifically targeting Linux systems. This latest iteration of Bifrost introduces several innovative evasion techniques, posing a significant challenge to detection…
The rise of generative AI has ushered in a new wave of cyber threats, particularly in the realm of mobile communication. Recent findings from Enea, a leading provider of network security solutions, shed light on the alarming vulnerability of enterprises…
Chinese PC manufacturer Acemagic recently found itself embroiled in controversy after admitting that some of its products were shipped with pre-installed malware. The revelation came to light when YouTuber The Net Guy discovered malware on Acemagic mini PCs during testing…
Cryptocurrency enthusiasts should be on the lookout, as malicious hackers are leveraging popular scheduling applications like Calendly to execute sophisticated scams. Recent reports highlight a concerning trend where attackers impersonate established cryptocurrency investors, initiating meetings through Calendly, ultimately leading to…
A concerning security vulnerability within a widely-used WordPress plugin, LiteSpeed Cache, has been detected. Tracked as CVE-2023-40000, this vulnerability has raised alarms due to its potential to enable unauthenticated users to escalate their privileges, posing significant risks to countless WordPress…
Cybersecurity and intelligence agencies from the Five Eyes nations have issued a joint advisory shedding light on the evolving tactics of the notorious Russian state-sponsored threat actor, APT29. This hacking entity, known by various aliases including BlueBravo, Cloaked Ursa, Cozy…
The revelation of a critical security loophole within the widely deployed WordPress plugin, Ultimate Member, has sent shockwaves through the online community. Tracked as CVE-2024-1071 and discovered by security researcher Christiaan Swiers, this vulnerability has a staggering CVSS score of…
Details have emerged about a high-severity security flaw in Apple‘s Shortcuts app. This vulnerability, tracked as CVE-2024-23204, has the potential to grant shortcuts unauthorized access to sensitive data without user consent. Apple Shortcuts is an automation application for macOS and…
Two authentication bypass vulnerabilities were uncovered in open-source Wi-Fi software utilized across Android, Linux, and ChromeOS devices. These vulnerabilities, identified as CVE-2023-52160 and CVE-2023-52161, present a concerning scenario where users could unwittingly connect to malicious networks or allow unauthorized access…
A sophisticated malware campaign dubbed Migo was recently uncovered, strategically targeting Redis servers to infiltrate Linux hosts for cryptocurrency mining. This latest discovery sheds light on the evolving tactics of cybercriminals in exploiting cloud-based services for malicious purposes. Migo Malware:…
Fingerprint authentication has widespread adoption in identity verification systems owing to its speed and cost-efficiency. However, the risk of fingerprint leakage poses serious security concerns, as outlined in a new research paper called “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication…
Law enforcement agencies from 11 countries have joined forces to dismantle the notorious LockBit ransomware operation in a collaborative effort known as Operation Cronos. This coordinated action marks a significant blow against cybercriminal activity, with the National Crime Agency of…
Google is rolling out a new feature aimed at thwarting malicious websites from exploiting vulnerabilities within users’ internal networks. This innovative safeguard is designed to shield devices such as printers and routers, traditionally deemed safe within home networks, from potential…
Among the latest developments in the field of ransomware innovations is the emergence of ‘MrAgent,’ a new tool unleashed by the RansomHouse ransomware operation. The tool is designed to automate the deployment of the data encrypter across multiple VMware ESXi…
A Chinese-speaking threat actor known as GoldFactory has emerged as a significant player, responsible for the development of highly sophisticated banking trojans. Among its arsenal is a previously undocumented iOS malware named GoldPickaxe, capable of extracting sensitive personal data including…
Microsoft has confirmed the exploitation of a critical security vulnerability in Exchange Server which was addressed in February 2024 Patch Tuesday. This acknowledgment comes just a day after the company issued fixes for the flaw as part of its routine…
