MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses...
News
MITRE releases new list of top 25 most dangerous software bugs
MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years....
New EarlyRAT malware linked to North Korean Andariel hacking group
Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the...
Proton launches open-source password manager with some limitations
Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser...
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase
The pro-Russia crowdsourced DDoS (distributed denial of service) project, 'DDoSia,' has seen a massive 2,400% growth in less than a...
Criminal IP Unveils Bug Bounty Program to Boost User Safety, Security
Criminal IP, an OSINT-based CTI search engine provided by AI SPERA, has recently announced the introduction of a bug bounty...
US-CERT Vulnerability Summary for the Week of June 19, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
From MuddyC3 to PhonyC2: Iran’s MuddyWater Evolves with a New Cyber Weapon
The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that's been...
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes
Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift...
North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j...
Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data
Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated...
The Right Way to Enhance CTI with AI (Hint: It’s the Data)
Cyber threat intelligence is an effective weapon in the ongoing battle to protect digital assets and infrastructure - especially when...
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data...
Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts
A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a...
New Mockingjay process injection technique evades EDR detection
A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other...
Just released: Session tracks for Mandiant’s 2023 mWISE event
Mark your calendar for mWISE™, the uniquely targeted, community-focused cybersecurity conference from Mandiant. It runs from September 18 – 20,...
8Base ransomware gang escalates double extortion attacks in June
A 8Base ransomware gang is targeting organizations worldwide in double-extortion attacks, with a steady stream of new victims since the...
Hundreds of devices found violating new CISA federal agency directive
Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured...
EncroChat takedown led to 6,500 arrests and $979 million seized
Europol announced today that the takedown of the EncroChat encrypted mobile communications platform has led to the arrest of over...
Siemens Energy confirms data breach after MOVEit data-theft attack
Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in...
NPM ecosystem at risk from “Manifest Confusion” attacks
The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages...
Exploit released for new Arcserve UDP auth bypass vulnerability
Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can...
Brave Browser boosts privacy with new local resources restrictions
The Brave team has announced that the privacy-centric browser will soon introduce new restriction controls allowing users to specify how...
Linux version of Akira ransomware targets VMware ESXi servers
The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide....
