Krispy Kreme Cyberattack Disrupts Operations & Online Orders
Krispy Kreme disclosed a cyberattack impacting its operations, most notably disrupting online ordering services in parts of the United States. The Krispy Kreme cyberattack was…
Month: December 2024
Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows
Security researchers have uncovered Nova, a sophisticated evolution of the Snake Keylogger malware family, demonstrating advanced data stealing capabilities and improved evasion techniques. This new…
A Red Teamers Tool To Execute Commands on Hacked Hosts Via Microsoft Teams
A stealthy Command-and-Control (C2) infrastructure Red Team tool named ConvoC2 showcases how cyber attackers can exploit Microsoft Teams to execute system commands on compromised hosts…
iOS Facebook Messenger Group Call DoS Vulnerability Exploited Using Emoji
A newly discovered vulnerability in Facebook Messenger for iOS has revealed a critical flaw that could disrupt group calls by exploiting emoji reactions. This denial-of-service…
Cleo 0-day vulnerability Exploited to Deploy Malichus Malware
Cybersecurity researchers have uncovered a sophisticated exploitation campaign involving a zero-day (0-day) vulnerability in Cleo file transfer software platforms. This campaign has been used to…
Apple iOS devices are more vulnerable to phishing than Android
For years, there’s been a widely held belief that iOS devices—such as iPhones—are virtually immune to phishing attacks, largely due to Apple’s strong emphasis on…
27 DDoS-for hire platforms seized by law enforcement
As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to carry out Distributed…
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Dec 12, 2024Ravie LakshmananWebsite Security / Vulnerability Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable…
Malichus Malware Exploiting Cleo 0-Day Vulnerability In Wild
Threat actors are actively exploiting a critical zero-day vulnerability (CVE-2024-50623) in Cleo’s file transfer products Harmony, VLTrader, and LexiComis. The flaw, stemming from an unrestricted…
We must adjust expectations for the CISO role
Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once…
Europol Shuts Down 27 DDoS Attack Platform Providers, Admins Arrested
Law enforcement agencies worldwide have disrupted a holiday tradition of launching Distributed Denial-of-Service (DDoS) attacks in a major blow to cybercriminals. As part of Operation…
GitLab Security Update, Patch for Critical Vulnerabilities
GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6…