How an Empty S3 Bucket Led to a Massive AWS Bill
AWS Customer Faces Massive Bill Due to Open-Source Tool Misconfiguration. In a startling incident, an AWS customer faced a staggering $1,300 bill for S3 usage,…
Category: CyberSecurityNews
Gemini 1.5 Pro For Malware Analysis to Detect Zero-day Malware
Google has introduced Gemini 1.5 Pro for malware analysis, an advanced AI tool capable of processing up to 1 million tokens. This tool revolutionizes automated…
$44.5 Million Stolen in Cryptos
Hedgey Finance, a prominent token infrastructure platform, has reported a massive theft of approximately $44.5 million in cryptocurrencies. This incident unfolded rapidly over two hours,…
A New Sophisticated Technique Evades EDR
In the rapidly evolving, complex threat landscape, EDR companies are constantly racing against new vectors. Recently, Helvio Benedito Dias de Carvalho Junior (aka M4v3r1ck) from…
Judge0 Security Vulnerabilities Let Attackers Run Arbitrary Code
Tanto Security has disclosed critical vulnerabilities in the widely-used open-source service Judge0, which could allow attackers to perform a sandbox escape and gain root access…
Telegram Web App Vulnerability Let Attackers Hijack Sessions
A new vulnerability has been discovered in Telegram, allowing a threat actor to hijack a Telegram user session via XSS (Cross-Site Scripting). This vulnerability exists…
29-Days From IcedID Infection to Dagon Locker Ransomware Deployment
In a sophisticated cyberattack that unfolded over 29 days, cybersecurity analysts have meticulously traced the steps of threat actors from the initial infection with IcedID…
Find Malware With ANY RUN Threat Intelligence YARA Search
YARA is a rule-based malware detection tool that utilizes regular expressions and textual/binary signatures to create descriptions (rules) for identifying malicious files. Within ANY.RUN TI,…
Dependency Confusion Vulnerability Found in an Archived Apache Project
Researchers discovered a vulnerability in an archived Apache project, highlighting the risk of using outdated third-party dependencies, where attackers can exploit the way package managers…
Hackers Abuse Autodesk Drive For Hosting Weaponized PDF Files
Autodesk Drive is a data-sharing platform for organizations to share documents and files in the cloud. It also supports 2D and 3D data files, including…
Cactus Ransomware Exploiting Qlik Servers Vulnerability
The Cactus ransomware gang has been exploiting vulnerable Qlik sense servers ever since November 2023 using multiple vulnerabilities such as CVE-2023-41266 (Path Traversal), CVE-2023-41265 (HTTP…
Chrome Critical Flaw Let Attackers Execute Arbitary Code : Patch Now
Google announced the release of Chrome 124, which fixes four vulnerabilities, including a critical security issue that allows attackers to execute arbitrary code. Over the next…