5379 GitLab Servers are Vulnerable to Zero-Click Takeover Attacks
GitLab has released important security fixes for versions 16.7.2, 16.6.4, and 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). The fixes include multiple…
On December 12, 2023, Hewlett Packard Enterprise (HPE) received chilling news: the notorious nation-state actor Midnight Blizzard, also known as Cozy Bear, had breached its…
Pwn2Own 2024 Automotive is a unique event aimed at identifying and fixing flaws in connected automotive technologies. Tokyo, Japan, hosts the Pwn2Own 2024 Automotive from…
Recently, QuoIntelligence’s research team unearthed a previously undetected variant of the notorious WIREFIRE web shell, a Python-based implant targeting compromised Ivanti Connect Secure (ICS) VPN…
It was previously reported that Ivanti Connect Secure was vulnerable to an authentication bypass (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) actively exploited by threat…
Fortra-owned GoAnywhere MFT (Managed File Transfer) has been discovered with a new vulnerability that could allow an unauthorized threat actor to create an admin user…
An infamous cybercriminal group known as LockBit Ransomware recently targeted Subway’s food chain, unleashing a vicious attack that could potentially lead to the exposure of…
Zloader, also known as Terdot, DELoader, or Silent Night, is a modular trojan that reappeared after nearly two years of absence but with significant enhancements to…
For financial gain, hackers exploit ransomware through which they encrypt victims’ data and then demand a ransom payment in exchange for its release. It shows…
Apple has released its first zero-day vulnerability patch of 2024, which affected several Apple products, including tvOS, iOS, iPadOS, macOS, and Safari. The zero-day is…
Atlassian disclosed a critical vulnerability last week related to Remote Code Execution (CVE-2023-22527). This particular vulnerability was reported to be affecting Confluence Data Center and…
Infrastructure as Code (IaC) is a popular DevOps practice that manages and provides IT infrastructure through code rather than manual processes. This shift streamlines operations…