Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. Apache…
Author: Cybernoz
Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications
A seemingly benign health app, “BMI CalculationVsn,” was found on the Amazon App Store, which secretly collected sensitive user data, including installed app package names…
BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques
An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial sample (MD5 14f6c034af7322156e62a6c961106a8c) provided valuable insights into its version and…
Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
KEY SUMMARY POINTS Compromised npm Packages: On December 20, 2024, attackers used a hijacked npm token to compromise popular npm packages @rspack/core, @rspack/cli, and “vant,”…
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
Dec 23, 2024Ravie LakshmananPhishing / Cybercrime An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from…
Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through malicious packages disguised as legitimate tools. The threat actor, “k303903,”…
Italy Imposed EUR 15 million Fine to Open AI For Violating GDPR
The Italian Data Protection Authority (known as “Il Garante”) has imposed a €15 million fine on OpenAI for violations of the General Data Protection Regulation…
Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide
The Lazarus Group has recently employed a sophisticated attack, dubbed “Operation DreamJob,” to target employees in critical sectors like nuclear energy, which involves distributing malicious…
Top 10 Cybersecurity Trends to Expect in 2025
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with…
Big data and Google BigQuery improve cancer drug development by detecting bacteria
Developing new drugs is risky and expensive. Creating a new drug and bringing it to clinical trials can cost billions of pounds, with no guarantees…
Top Open Source API Security Tools
The modern world relies on Application Programming Interfaces (APIs). They allow applications to communicate with each other, servers, and consumers to facilitate data sharing and…
Researchers Bypass WPA3 to Acquire Network Password
Researchers have successfully bypassed the Wi-Fi Protected Access 3 (WPA3) protocol to obtain network passwords using a combination of Man-in-the-Middle attacks and social engineering techniques.…