Why EPSS is a Game-Changer for Cybersecurity Risk Management
Having served on the MITRE.org CVE (OVAL) advisory board, I have spent years analyzing vulnerabilities and how they impact global cybersecurity. The challenge has always…
Author: Cybernoz
The AWS Exploit That Lets Hackers Take Over Your Cloud – Without You Knowing!
Cloud security remains an evolving challenge as new attack vectors emerge, often leveraging misconfigurations rather than outright software vulnerabilities. In August 2024, researchers at Datadog…
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an…
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws Pierluigi Paganini February 14, 2025 China-linked APT Salt Typhoon has breached more U.S. telecommunications…
N. Korean Hackers Suspected in DEEP#DRIVE Attacks Against S. Korea
A phishing attack dubbed DEEP#DRIVE is targeting South Korean entities, with thousands already affected. North Korean hackers from the Kimsuky group are the prime suspects…
SonicWall firewall bug leveraged in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged…
12 Million Zacks accounts leaked by cybercriminal
A cybercriminal claimed to have stolen 15 million data records from the customers and clients of the company Zacks—a number that a separate investigation, after…
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript…
Kenyan AI workers form Data Labelers Association
Artificial intelligence (AI) workers in Kenya have launched the Data Labelers Association (DLA) to fight for fair pay, mental health support and better overall working…
SonicWall firewall bug targeted in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged…
Malicious PirateFi game infects Steam users with Vidar malware
A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. The title was present in the…
Scammers Exploit JFK Files Release with Malware and Phishing
Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK and JFK files. Learn more about these…