Under Trump, US Cyberdefense Loses Its Head
Chinese hacks, rampant ransomware, and Donald Trump’s budget cuts all threaten US security. In an exit interview with WIRED, former CISA head Jen Easterly argues…
Author: Cybernoz
Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control
Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc, which has been targeting AVTECH cameras and Huawei HG532 routers since…
ACSC Targets Bulletproof Hosting Providers
The Australian Cyber Security Centre has issued a warning about Bulletproof Hosting Providers (BPH), which play a central role in enabling cybercrime. These providers offer…
Rails Apps File Write Vulnerability Let Attackers Execute Code Remotely
Researchers uncovered a critical security vulnerability in Rails applications that leverages the Bootsnap caching library. This exploit allows attackers to achieve remote code execution (RCE) by…
AI Assistant Jailbreaked to Reveal its System Prompts
Anonymous tinkerer claims to have bypassed an AI assistant’s safeguards to uncover its highly confidential system prompt—the underlying instructions shaping its behavior. The breach, achieved…
Bashe Ransomware strikes ICICI Bank
A relatively unknown ransomware group named Bashe, potentially linked to the infamous LockBit gang, has launched a cyberattack on ICICI Bank, a major Indian financial…
DigitalOcean Per-Bucket Access Keys boosts object storage security
DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service. This feature provides customers with identity-based, bucket-level control over access permissions, helping…
QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
Jan 23, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors…
Open-Source ClamAV Releases Critical Security Patch Updates – What’s Inside!
The ClamAV team has announced the release of security patch updates for ClamAV versions 1.4.2 and 1.0.8. These updates address a critical vulnerability and include…
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the…
New Cookie Sandwich Technique Let Attackers Bypass HttpOnly Flag On Servers
A newly discovered attack technique, dubbed the “cookie sandwich,” enables attackers to bypass the HttpOnly flag on certain servers, exposing sensitive cookies, including session identifiers,…
Open-Source ClamAV Releases Security Update for Buffer Overflow Vulnerability
ClamAV, a widely used open-source antivirus software, has released security patch updates to address a critical buffer overflow vulnerability (CVE-2025-20128). The vulnerability, identified in the…