The Official DOGE Website Launch Was a Security Mess
As well as being insecure, the DOGE website heavily leans on X, the social media platform owned by Musk. DOGE’s homepage is a feed of…
Author: Cybernoz
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
Feb 15, 2025Ravie LakshmananMobile Security / Technology Google is working on a new security feature for Android that blocks device owners from changing sensitive settings…
Top US Election Security Watchdog Forced to Stop Election Security Work
The Cybersecurity and Infrastructure Security Agency has frozen all of its election security work and is reviewing everything it has done to help state and…
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 14, 2025 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp vulnerability…
The New King of Ransomware? Targeted 600 Firms in 2024
RansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB reveals its rapid rise in cybercrime. Group-IB’s…
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS
Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. The security issue received a…
Why EPSS is a Game-Changer for Cybersecurity Risk Management
Having served on the MITRE.org CVE (OVAL) advisory board, I have spent years analyzing vulnerabilities and how they impact global cybersecurity. The challenge has always…
The AWS Exploit That Lets Hackers Take Over Your Cloud – Without You Knowing!
Cloud security remains an evolving challenge as new attack vectors emerge, often leveraging misconfigurations rather than outright software vulnerabilities. In August 2024, researchers at Datadog…
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an…
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws Pierluigi Paganini February 14, 2025 China-linked APT Salt Typhoon has breached more U.S. telecommunications…
N. Korean Hackers Suspected in DEEP#DRIVE Attacks Against S. Korea
A phishing attack dubbed DEEP#DRIVE is targeting South Korean entities, with thousands already affected. North Korean hackers from the Kimsuky group are the prime suspects…
SonicWall firewall bug leveraged in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged…