GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow...
News
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk...
US-CERT Vulnerability Summary for the Week of October 7, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a...
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote...
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal...
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all...
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the...
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow...
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates....
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet,...
THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 – Oct 13)
Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" – and trust me,...
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to...
5 Steps to Boost Detection and Response in a Multi-Layered Cloud
The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt...
How Hybrid Password Attacks Work and How to Defend Against Them
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge...
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel...
Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and...
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages...
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly...
Mozilla Products Remote Code Execution Vulnerability
A vulnerability was identified in Mozilla Products. A remote attacker could exploit this vulnerability to trigger remote code execution on...
US Border Agency Faces Criticism Over CBP One App’s Personal Data Management
The controversy surrounding the US Customs and Border Protection (CBP) agency highlights critical concerns with its border control app, CBP...
156% Increase in Malicious Open Source Software Packages Reported by Sonatype
Sonatype's latest findings reveal a troubling 156% rise in malicious open source software (OSS) packages as usage surges dramatically. As...
SVR Cyber Espionage: Targeting Zimbra and TeamCity Servers
In a concerning development, hackers affiliated with Russia's Foreign Intelligence Service (SVR) have been actively spying on global entities, including...
Critical Veeam Vulnerability Under Active Exploitation Warns NHS England
NHS England has issued a warning about a critical vulnerability in Veeam Backup & Replication, which is currently being exploited...
