Chipmaker Microchip Hit by Cyber Attack, Operations Impacted
Microchip Technology Incorporated, a leading semiconductor manufacturer, has been hit by a significant cyber attack that has disrupted its operations. The company, which supplies chips…
Category: CyberSecurityNews
Xeon Sender Abusing Nine SaaS providers For Massive SMS Attacks
Xeon Sender, a Python script, is a tool that enables threat actors to send spam messages through nine different SaaS providers. Initially observed in 2022,…
AWS Configuration Vulnerability Exposes Thousands of Web Apps
A recent discovery by Miggo Research has unveiled a critical configuration vulnerability in Amazon Web Services (AWS) that exposes thousands of web applications to potential…
TA453 Hackers Using Fake podcast To Deliver New BlackSmith Malware Toolkit
Iranian threat actor TA453 launched a phishing campaign targeting a prominent religious figure with a fake podcast invitation aiming to deliver a new malware toolkit,…
Critical Vulnerability In OpenBMCs For Servers, Leads To Full Compromise
BMCs are specialized microcontrollers embedded in servers and other devices, responsible for monitoring and managing hardware health, including temperature, voltage, and system logs. Cybersecurity researchers…
Hackers Exploit PHP Vulnerability in Windows for Remote Code Execution
Cybersecurity researchers at Symantec recently identified a new malware that exploits a PHP vulnerability(CVE-2024-4577) in the CGI argument injection flaw. This vulnerability affects all versions…
Hackers Exploited AWS ENV Files to Attack 110,000 Domains & Steal Credentials
A sophisticated extortion campaign targeted 110,000 domains by exploiting exposed .env files on unsecured web applications. The attackers obtained AWS IAM access keys from these…
New UULoader Attacking Users Via Weaponized PDF Documents
Malicious .msi installers disguised as legitimate software actively target Korean and Chinese speakers by dubbing UULoader, contain a loader likely developed by a Chinese speaker,…
Microsoft Launches Unified Teams App for Personal & Work Environments
Microsoft has unveiled a significant update to its popular collaboration platform, Microsoft Teams, by launching a unified app that brings together personal, work, and education…
Atlassian Bamboo Data Center & Server Flaw Let Attackers Execute Arbitrary Code
Atlassian has issued a security advisory for a newly discovered high-severity vulnerability affecting its Bamboo Data Center and Server products. The vulnerability, identified as CVE-2024-21689, has…
Outlook Zero-click RCE Vulnerability Technical Details Released
Researchers at Morphisec have uncovered critical technical details about the recently discovered zero-click remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-38021. This…
Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites
A severe security flaw has been discovered in GiveWP, a popular WordPress donation plugin with over 100,000 active installations. The vulnerability, classified as an unauthenticated…