SolarWinds Platform XSS Vulnerability Let Attackers Inject Malicious Code
A critical security vulnerability has been recently disclosed by SolarWinds in its Platform product, a major player in IT management software. The flaw, identified as…
Category: CyberSecurityNews
HR & IT-Related Phishing Emails Are Top-Clicked Among Phishing Email Types
Phishing emails masquerading as HR and IT-related communications are the most likely to be clicked on by employees as unveiled in a recent study, posing…
HackSynth An Autonomous Penetration Testing Framework For Simulating Cyber-Attacks
The introduction of HackSynth marks a significant advancement in the field of autonomous penetration testing. Developed by researchers at Eotvos Lorand University, HackSynth leverages Large…
Cloudflare Developer Domains Abused For Cyber Attacks
Cloudflare developer domains are actively abused by the threat actors for several illicit malicious purposes, as reported by the security analysts at FORTRA. Recent investigations…
New TLDs Like .shop, .top And .xyz Attracting Phishers
A significant surge in phishing attacks has been unveiled by a recent study conducted by Interisle Consulting, with a nearly 40% increase in the year…
Google Chrome Type Confusion Vulnerability Let Attackers Execute Remote Code
A high-severity type confusion vulnerability in the V8 JavaScript engine of Google Chrome was recently discovered by independent researchers. As a result of this discovery,…
PoC Exploit Released For Progress WhatsUp Gold Vulnerability
A critical security flaw in Progress WhatsUp Gold, a popular network monitoring tool, has been exposed with the release of a proof-of-concept (PoC) exploit. The…
MobSF Vulnerability Let Attackers Inject Malicious Scripts
A critical security flaw has been discovered in Mobile Security Framework (MobSF), a popular pen-testing and malware analysis tool, potentially exposing users to significant risks.…
Veeam Service Provider RCE Vulnerability Let Attackers Execute Remote Code
Veeam, a leading provider of backup and disaster recovery solutions, has disclosed two significant vulnerabilities affecting its Service Provider Console (VSPC), including a critical remote…
CISA Releases Guidance For Network Monitoring to Detect Malicious Cyber Actors
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, has released…
Authorities Dismantle MATRIX Secret Chat Service Used by Cybercriminals
A joint investigation team (JIT) involving French and Dutch authorities, with support from Eurojust and Europol, has successfully dismantled an encrypted messaging service known as…
Storm-1811 Hackers Exploits RMM Tools to Deliver Black Basta Ransomware
Storm-1811, a financially driven threat actor that employs social engineering techniques, has recently been observed exploiting RMM tools to distribute the Black Basta ransomware. The…