Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code...
News
Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized...
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root...
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency...
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to...
6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cybercrime
Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently...
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code...
Implementing Risk-Based Vulnerability Discovery and Remediation
In this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it...
6 Steps to Effective Threat Hunting: Safeguard Critical Assets and Fight Cybercrime
Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently...
RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks
The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at...
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances...
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root...
Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium,...
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code...
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker...
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication...
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances...
Android apps with spyware installed 421 million times from Google Play
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play...
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection
The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity...
WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of...
Barracuda zero-day abused since 2022 to drop new malware, steal data
Image: Bing Image Creator Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been...
RomCom malware spread via Google Ads for ChatGPT, GIMP, more
A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into...
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable"...
US-CERT Vulnerability Summary for the Week of May 15, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
