Over 5 300 Gitlab Servers Exposed To Zero Click Account Takeover Attacks
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month....
News
Tesla Hacked 24 Zero Days Demoed At Pwn2own Automotive 2024
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for...
How To Secure Ad Passwords Without Sacrificing End User Experience
Hackers are constantly attempting to steal passwords, with Microsoft tracking 1,287 password attacks every second in 2022. If successful, the...
Vextrio Tds Inside A Massive 70 000 Domain Cybercrime Operation
A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in...
Uk Says Ai Will Empower Ransomware Over The Next Two Years
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact...
AI Set to Supercharge Ransomware Threat, Says NCSC
Malicious AI use will “almost certainly” drive an increase in the volume and impact of cyber-attacks over the next two...
Exploit Code Released For Critical Fortra GoAnywhere Bug
Threat actors could soon strike after a proof-of-concept exploit was published for a critical vulnerability in managed file transfer (MFT)...
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
The emergence of cybercrime-as-a-service (RaaS) has lowered the entry barrier into cybercrime by allowing cybercriminals to specialize in only one...
ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts
Security researchers have observed a notable surge in dark web discussions regarding the illicit use of ChatGPT and other Large...
X Makes Passkeys Available for US-Based Users
Social media giant X (formerly Twitter) has made passkeys available as a login option for US-based users on iOS.A post...
Browser Phishing Threats Grew 198% Last Year
Security researchers have observed a 198% increase in browser-based phishing attacks during the latter half of 2023 compared to the...
Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with...
What is Nudge Security and How Does it Work?
In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and...
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack...
Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to...
The Unknown Risks of The Software Supply Chain: A Deep-Dive
In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's...
U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role...
Us Uk Australia Sanction Revil Hacker Behind Medibank Data Breach
The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022...
Water Services Giant Veolia North America Hit By Ransomware Attack
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water...
Jasons Deli Says Customer Data Exposed In Credential Stuffing Attack
Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their...
Trello Api Abused To Link Email Addresses To 15 Million Accounts
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles...
Kasseika Ransomware Uses Antivirus Driver To Kill Other Antiviruses
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable...
X Adds Passkeys Support For Ios Users In The United States
X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys....
Exploit Released For Fortra Goanywhere Mft Auth Bypass Bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that...
