VMware fixes critical zero-day exploit chain used at Pwn2Own
VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution systems running unpatched...
News
New SLP bug can lead to massive 2,200x DDoS amplification attacks
A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service...
TP-Link Archer WiFi router flaw exploited by Mirai malware
The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate...
US-CERT Vulnerability Summary for the Week of April 17, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric...
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to...
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "...
Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis
Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative...
Modernizing Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present...
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an...
Yellow Pages Canada confirms cyber attack as Black Basta leaks data
Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack. Black...
Microsoft 365 search outage affects Outlook, Teams, and SharePoint
Microsoft is investigating an ongoing issue preventing some customers from using the search functionality across multiple Microsoft 365 services. The...
APC warns of critical unauthenticated RCE flaws in UPS software
APC's Easy UPS Online Monitoring Software is vulnerable to unauthenticated arbitrary remote code execution, allowing hackers to take over devices...
KuCoin’s Twitter account hacked to promote crypto scam
KuCoin's Twitter account was hacked, allowing attackers to promote a fake giveaway scam that led to the theft of over...
Intel CPUs vulnerable to new transient execution side-channel attack
A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the...
VirusTotal now has an AI-powered malware analysis feature
VirusTotal announced on Monday the launch of a new artificial intelligence-based code analysis feature named Code Insight. The new feature...
Exploit released for PaperCut flaw abused to hijack servers, patch now
Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to...
US-CERT Vulnerability Summary for the Week of April 10, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh...
Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response...
Study: 84% of Companies Use Breached SaaS Applications – Here’s How to Fix it for Free!
A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some...
Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an...
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the...
New All-in-One “EvilExtractor” Stealer for Windows Systems Surfaces on the Dark Web
A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors...
