Two critical vulnerabilities have been discovered in Apache Tomcat, the popular open-source web server, and servlet container, potentially allowing attackers to execute remote code and…
With critical SAP vulnerabilities being weaponized within 72 hours of a patch release, and unprotected SAP applications provisioned in cloud environments being discovered and compromised…
A sophisticated phishing campaign exploiting fake Microsoft SharePoint notifications to distribute the Xloader malware. This malicious operation, recently intercepted by Sublime Security, highlights the growing…
Google Calendar, with over 500 million active users worldwide and availability in 41 languages, has long been celebrated for its efficiency in organizing schedules and…
Google’s Mandiant FLARE team has unveiled XRefer, a cutting-edge tool designed to streamline the complex process of malware analysis. This innovative plugin for IDA Pro…
The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 25-01, mandating federal civilian agencies to enhance the security of their Microsoft…
The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of DDoS malware, named cShell, targeting poorly managed Linux SSH servers (screen and hping3).…
A critical security vulnerability has been identified in Apache Struts, a popular open-source framework for building Java-based web applications actively used in attacks leveraging publish…
The Federal Bureau of Investigation (FBI) has issued a Private Industry Notification (PIN) alerting cybersecurity professionals and system administrators about a new threat targeting web…
Researchers uncovered new security vulnerabilities in the Azure Data Factory Apache Airflow integration dubbed “Dirty DAG”, which allow attackers to get unauthorized write permissions to…
A critical Remote Code Execution (RCE) vulnerability (CVE-2024-6386), affecting over 1,000,000 active installations of the WordPress Multilingual Plugin (WPML). This flaw, stemming from a Server-Side…
Securonix Threat Research team has uncovered a sophisticated tax-related phishing campaign that employs Microsoft Common Console Document (MSC) files and advanced obfuscation techniques to deliver…
