JLR Confirms Phased Restart of Operations Following Cyber Attack
Jaguar Land Rover (JLR) has confirmed it will begin a phased restart of its manufacturing operations in the coming days, nearly a month after a…
Category: CyberSecurityNews
SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames of other accounts. Tracked as CVE-2024-58260,…
Threat Actors Weaponizing Facebook and Google Ads as Financial Platforms to Steal Sensitive Data
In recent months, cybersecurity teams have observed an alarming trend in which malicious actors exploit Facebook and Google advertising channels to masquerade as legitimate financial…
New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data
A sophisticated new cross-platform information stealer known as ModStealer has emerged, targeting macOS users and demonstrating concerning capabilities to evade Apple’s built-in security mechanisms. The…
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File
WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration. The attack chain exploits…
Hackers Weaponizing SVG Files to Deliver PureMiner Malware and Steal Sensitive Information
In recent weeks, a sophisticated phishing campaign has emerged, targeting organizations in Ukraine with malicious Scalable Vector Graphics (SVG) files designed to propagate the PureMiner…
Windows Heap Exploitation Vulnerability With Record’s Size Field Leads to Arbitrary R/W
A critical vulnerability in Windows heap management demonstrates how improper handling of record-size fields enables arbitrary memory read and write operations. Suraj Malhotra shared a…
Formbricks Signature Verification Vulnerability Let Attackers Reset User Passwords Without Authorization
A critical security flaw discovered in Formbricks, an open-source experience management platform, demonstrates how missing JWT signature verification can lead to complete account takeovers. The…
DataCenter Fire Takes 600+ South Korean Government Websites Offline
A fire caused by a lithium-ion battery explosion at a key government data center in South Korea has knocked more than 600 essential services offline,…
Threat Actors Leveraging Dynamic DNS Providers to Use for Malicious Purposes
Cybersecurity researchers are raising alarms about a growing threat vector as malicious actors increasingly exploit Dynamic DNS providers to establish robust command and control infrastructure.…
Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code
A newly discovered DLL hijacking vulnerability in Notepad++, the popular source code editor, could allow attackers to execute arbitrary code on a victim’s machine. Tracked…
Google Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serialization
A Google Project Zero researcher has detailed a novel technique for remotely leaking memory addresses on Apple’s macOS and iOS. This method can bypass a…