Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of...
News
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of...
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that...
Streamlined Security Solutions: PAM for Small to Medium-sized Businesses
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent...
New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign
Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called...
PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency...
High-Severity Vulnerability in VMware Aria Automation Product
VMware has released security updates to address a high-severity vulnerability (CVE-2024-22280) in their Aria Automation product.Successful exploitation of this structured...
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical...
Most Security Pros Admit Shadow SaaS and AI Use
Almost three-quarters (73%) of cybersecurity professionals have used unsanctioned apps including AI in the past year, according to a new...
Microsoft Fixes Four Zero-Days in July Patch Tuesday
Sysadmins have a busy time ahead this month after Microsoft issued updates for over 140 CVEs, including four zero-day vulnerabilities.The...
Smishing Triad Targets India with Fraud Surge
A recent surge in fraudulent smishing attacks impersonating India Post, the government-operated postal system, has prompted warnings from Indian authorities...
Russian Media Uses AI-Powered Software to Spread Disinformation
Russian state-sponsored media organization RT, formerly Russia Today, has used AI-powered software to create authentic-looking social media personas en masse...
Ransomware Groups Prioritize Defense Evasion for Data Exfiltration
Ransomware attackers are applying a significant focus on defense evasion tactics to increase dwell time in victim networks, according to...
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
Security researchers have uncovered a critical vulnerability, CVE-2024-38021, affecting most Microsoft Outlook applications. This zero-click remote code execution (RCE) vulnerability, now...
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as...
True Protection or False Promise? The Ultimate ITDR Shortlisting Guide
It's the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that...
HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia,...
Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two...
Smash-and-Grab Extortion
The Problem The "2024 Attack Intelligence Report" from the staff at Rapid7 is a well-researched, well-written report that is worthy...
Google Adds Passkeys to Advanced Protection Program for High-Risk Users
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP)....
July 2024 Monthly Patch
Microsoft has released security patches to address multiple vulnerabilities in their software and products.The vulnerabilities that have been classified as...
Critical Vulnerability in Apache HTTP Server
Apache Software Foundation has released security updates to address a critical vulnerability (CVE-2024-39884) in their Apache HTTP Server. The vulnerability...
Crypto Analysts Expose HuiOne Guarantee’s $11 Billion Cybercrime Transactions
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia,...
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the...
