GitLab Releases Urgent Security Patches for Critical Vulnerability
GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user....
News
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate...
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption
Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading...
Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families...
BlackCat ransomware hits Azure Storage with Sphynx encryptor
Image: Midjourney The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt...
TikTok flooded by ‘Elon Musk’ cryptocurrency giveaway scams
TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the...
New SprySOCKS Linux malware used in cyber espionage attacks
A Chinese espionage-focused hacker tracked as 'Earth Lusca' was observed targeting government agencies in multiple countries, using a new Linux...
Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
An estimated 12,000 Juniper SRX firewalls and EX switches are vulnerable to a fileless remote code execution flaw that attackers...
Are your end-users’ passwords compromised? Here’s how to check.
Passwords have long been used as the primary gatekeepers of digital security, yet they can also be a weak link...
Bumblebee malware returns in new attacks abusing WebDAV folders
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse...
APT36 state hackers infect Android devices using YouTube app clones
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect...
Hackers backdoor telecom providers with new HTTPSnoop malware
New malware named HTTPSnoop and PipeSnoop are used in cyberattacks on telecommunication service providers in the Middle East, allowing threat...
Claimants in Celsius crypto bankruptcy targeted in phishing attack
Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from...
GitLab urges users to install security updates for critical pipeline flaw
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users...
Hackers breached International Criminal Court’s systems last week
The International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached....
Trend Micro fixes endpoint protection zero-day used in attacks
Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited...
Microsoft AI Researchers Leak 38TB of Private Data
Microsoft accidentally revealed a huge trove of sensitive internal information dating back over three years via a public GitHub repository,...
Clorox Struggling to Recover From August Cyber-Attack
A leading US manufacturer of cleaning products has admitted its operations are still experiencing major disruption after the firm experienced...
#mWISE: FBI Director Urges Greater Private-Public Collaboration Against Cybercrime
“I’m here to recruit you.” Was Christopher Wray, director of the FBI, really joking when he said that hiring people...
Threat Actor Claims Major TransUnion Data Breach
A notorious threat actor linked to previous big-name breaches has released several gigabytes of personal data stolen from credit agency...
#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined
While most people won’t be surprised to hear that China is investing heavily in cybersecurity, the extent of the country’s...
Chinese Group Exploiting Linux Backdoor to Target Governments
A Chinese-linked threat actor known as ‘Earth Lusca’ has been conducting cyber espionage campaigns against governments around the world via...
US-CERT Vulnerability Summary for the Week of September 11, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infowibu -- codemeter_runtime A heap buffer overflow vulnerability in Wibu CodeMeter Runtime...
ShroudedSnooper’s HTTPSnoop Backdoor Targets Middle East Telecom Companies
Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a...
