SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE
SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve…
Category: CyberSecurityNews
EV Charging Provider Confirm Data Breach
Digital Charging Solutions GmbH (DCS), a leading provider of white-label charging services for automotive OEMs and fleet operators, has confirmed a data breach affecting a…
GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and Trusted Publishing
Recent High-profile supply‐chain attacks have exposed critical weaknesses in package registry security, prompting GitHub to roll out a suite of defenses designed to harden the…
Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content
A sophisticated cyber campaign, dubbed “Operation Rewrite,” is actively hijacking Microsoft Internet Information Services (IIS) web servers to serve malicious content through a technique known…
Hackers Abusing GitHub Notifications to Deliver Phishing Emails
In recent weeks, security researchers have uncovered an elaborate phishing campaign that leverages legitimate GitHub notification mechanisms to deliver malicious content. Victims receive seemingly authentic…
European Airport Disruptions Caused by Sophisticated Ransomware Attack
Over the weekend, a sophisticated ransomware attack compromised Collins Aerospace’s Muse check-in and boarding systems, forcing key hubs including Heathrow, Brussels, and Berlin to return…
Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands
A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted…
22.2 Tbps DDoS Attack Breaks Internet With New World Record
Cloudflare announced it had autonomously mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second…
BlockBlasters Steam Game Downloads Malware to Computer Disguised as Patch
A seemingly innocent patch update for the popular 2D platformer game BlockBlasters has transformed into a sophisticated malware campaign, exposing hundreds of Steam users to…
Threat Actors Leverage Oracle Database Scheduler to Gain Access to Corporate Environments
In recent weeks, security researchers have observed a surge in attacks exploiting Oracle Database Scheduler’s External Jobs feature to gain a foothold in corporate environments.…
New Inboxfuscation Tool That Bypasses Microsoft Exchange Inbox Rules and Evade Detection
Attackers increasingly exploit Microsoft Exchange inbox rules to maintain persistence and exfiltrate data within enterprise environments. A newly released tool, Inboxfuscation, leverages Unicode-based obfuscation to…
Subtle Snail Mimic as HR Representatives to Engage Employees and Steal Login Credentials
A sophisticated Iran-nexus espionage group known as Subtle Snail has emerged as a significant threat to European telecommunications, aerospace, and defense organizations through an elaborate…