Academic researchers at VU Amsterdam university have recently uncovered a novel threat to modern CPUs, presenting a potential challenge to future products from industry giants Intel, AMD, and Arm. This newly identified attack, named SLAM (Spectre based on Linear Address…
WordPress administrators are facing a sophisticated email campaign that leverages fake WordPress security advisories to exploit a non-existent vulnerability, identified as CVE-2023-45124. Security experts from Wordfence and PatchStack have intercepted and reported this malicious campaign, aiming to raise awareness among…
Security researchers have uncovered critical vulnerabilities in the Unified Extensible Firmware Interface (UEFI) code used by various independent firmware/BIOS vendors (IBVs). These UEFI vulnerabilities, collectively named LogoFAIL by Binarly, pose a serious threat as they can be exploited by threat…
Apple has released emergency security updates to address two zero-day vulnerabilities that were actively exploited, bringing the total to 20 zero-days patched in the ongoing year. These vulnerabilities impacted a wide range of Apple devices, including iPhones, iPads, and Macs,…
Joint research by Corvus Insurance and Elliptic has exposed the nefarious exploits of the Russia-linked ransomware gang, Black Basta. Since its emergence in April 2022, this cybercrime syndicate has amassed a colossal $107 million in ransom payments from over 90…
Cybersecurity researchers at Arctic Wolf just uncovered a large-scale CACTUS ransomware campaign exploiting recently disclosed vulnerabilities in Qlik Sense. The latter is a cloud analytics and business intelligence platform. This attack is another instance where threat actors have utilized Qlik…
Cybersecurity researchers at Cybereason have uncovered that one of the latest variants of the notorious DJVU ransomware, dubbed Xaro, is utilizing cracked software as its distribution vector. It is worth noting that this is not the first case of DJVU…
A critical design flaw in Google Workspace’s domain-wide delegation (DWD) feature was just discovered, presenting a potential avenue for threat actors to escalate privileges and gain unauthorized access to Workspace APIs. Meet the DeleFriend Design Flaw in Google Cloud Platform…
SentinelOne has recently uncovered an intriguing evolution in the tactics employed by the Lazarus Group, the infamous North Korean hackers group. This revelation pertains specifically to the group’s orchestration of macOS malware campaigns, particularly the RustBucket and KANDYKORN strains, where…
In a groundbreaking international collaboration, law enforcement agencies from seven countries, working in tandem with Europol and Eurojust, have successfully apprehended the core members of a ransomware group operating out of Ukraine. This criminal network, responsible for debilitating cyberattacks on…
As we approach the end of 2023, it’s evident that this year has set new records in ransomware attacks. The first half of the year alone witnessed a staggering 49% increase in publicly disclosed attacks compared to the same period…
A recent development has sent shockwaves through the SEO community as the popular SEOStack Keyword Tool has been removed from the Chrome Web Store due to the discovery of malware. This revelation serves as a stark reminder of the importance…
The Kinsing threat actors recently started exploiting a critical security flaw in vulnerable Apache ActiveMQ servers (CVE-2023-46604). This strategic move allows them to infect Linux systems, deploying cryptocurrency miners and rootkits for illicit gains. The Adaptable Kinsing Threat Group Trend…
In a recent report, cybersecurity experts at Unciphered have exposed a new exploit called Randstorm, which poses a threat to Bitcoin wallets created between 2011 and 2015. This exploit allows for the potential recovery of passwords, leading to unauthorized access…
Researchers from Cisco Talos recently shed light on the latest ransomware activities orchestrated by the 8Base ransomware group. Leveraging a new variant of the notorious Phobos ransomware, these threat actors have been intensifying their financially motivated attacks, prompting cybersecurity experts…
In a recent revelation by the Google Threat Analysis Group (TAG), a critical zero-day flaw in the Zimbra Collaboration email software has become the focal point of real-world cyber attacks. Exploited by four distinct threat actors, these attacks aimed at…
VMware has issued a warning about a critical and unpatched vulnerability, tracked as CVE-2023-34060, in its Cloud Director platform. The flaw, with a severity score of 9.8 (CVSS), poses a significant risk by allowing a malicious actor to circumvent authentication…
The cybersecurity community is on high alert as the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) jointly issue an advisory on the growing threat posed…
Microsoft has released its November 2023 Patch Tuesday, addressing a total of 63 security vulnerabilities in its software. This comprehensive update includes fixes for three actively exploited vulnerabilities, emphasizing the company’s commitment to thwarting cyber threats. November 2023 Patch Tuesday:…
Intel has just addressed a high-severity CPU vulnerability codenamed Reptar (CVE-2023-23583), earning a CVSS score of 8.8. This flaw, capable of allowing escalation of privilege, information disclosure, and denial of service through local access, has prompted a rapid response from…
