PLAYFULGHOST, a Gh0st RAT variant, leverages distinct traffic patterns and encryption, which spread via phishing emails and SEO poisoning of bundled applications, enabling keylogging, screen…
The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as a zero-click exploit leverages this by crafting malicious LDAP requests,…
A cybersecurity researcher has demonstrated a method to bypass BitLocker encryption on Windows 11 (version 24H2) by extracting full volume encryption keys (FVEK) from memory.…
72 Hours to Audit-Ready API Security APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API…
SmuggleShield, a recently launched browser extension, is gaining attention in the cybersecurity space for its innovative approach to mitigating HTML smuggling attacks. With its stable…
Cloud security researchers have uncovered alarming trends in identity compromises within Amazon Web Services (AWS) environments. Among the most prolific threat actors is a group…
A 20-year-old U.S. Army soldier, Cameron John Wagenius, has been arrested and indicted by federal authorities for allegedly selling confidential customer call records stolen from…
D-Link warned users of several legacy router models about known vulnerabilities actively exploited by botnets. These devices, which have reached End-of-Life (EOL) and End-of-Service (EOS),…
Researchers recently discovered a malicious campaign targeting Ukrainian military personnel through fake “Army+” application websites, which host a malicious installer that, upon execution, extracts the…
The DrayTek Gateway devices, more specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability. Exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint, attackers…
Microsoft has issued a warning about a significant issue impacting devices running Windows 11, version 24H2, that could block essential Windows Security updates. The problem…
Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic Server. The flaw tracked as CVE-2024-21182,…
