Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass
A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows...
Read more →Category: CyberSecurityNews
Instagram Started Using 1-Week Validity TLS certificates and Changes Them Daily
Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods...
Read more →
“CitrixBleed 2” Vulnerability PoC Released
Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability...
Read more →
Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under...
Read more →
Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone
Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over...
Read more →
The Most Active RAT Uses New Stagers and Loaders to Bypass Defenses
XWorm has emerged as one of the most versatile and actively distributed remote access trojans in the current threat landscape,...
Read more →
Threat Actors Abused AV – EDR Evasion Framework In-The-Wild to Deploy Malware Payloads
Cybersecurity researchers have uncovered a concerning development as malicious actors began exploiting SHELLTER, a commercial anti-virus and endpoint detection response...
Read more →
Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence
The cybercriminal group known as Scattered Spider has significantly evolved its attack methodologies, demonstrating alarming sophistication in exploiting legitimate administrative...
Read more →
Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle
Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a...
Read more →
Researchers Uncover New Technique to Exploit Azure Arc for Hybrid Escalation in Enterprise Environment and Maintain Persistence
Cybersecurity researchers have discovered a sophisticated attack technique that exploits Microsoft Azure Arc deployments to gain persistent access to enterprise...
Read more →
Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload
A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet,...
Read more →
Next.js Cache Poisoning Vulnerability Let Attackers Trigger DoS Condition
Key Takeaways1. Next.js versions 15.1.0-15.1.8 have a cache poisoning bug causing DoS attacks through blank page delivery.2. Needs affected Next.js...
Read more →