Category: Securityaffairs

Python URL parsing function flaw can enable command executionSecurity Affairs
12
Aug
2023

Python URL parsing function flaw can enable command executionSecurity Affairs

A severe vulnerability in the Python URL parsing function can be exploited to gain arbitrary file reads and command execution….

Bangladesh government website leaked data of millions of citizensSecurity Affairs
12
Aug
2023

UK govt contractor MPD FM leaks employee passport dataSecurity Affairs

UK govt contractor MPD FM left an open instance that exposed employee passports, visas, and other sensitive data MPD FM,…

Mockingjay process injection technique allows EDR bypassSecurity Affairs
12
Aug
2023

Power Generator in South Africa hit with DroxiDat and Cobalt StrikeSecurity Affairs

Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from…

From Commerce to CloudSecurity Affairs
11
Aug
2023

From Commerce to CloudSecurity Affairs

API (or Application Programming Interface) is a ubiquitous term in the tech community today, and it’s one with a long…

Gafgyt botnet is targeting EoL Zyxel routers
11
Aug
2023

Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of…

Charming Kitten APT is targeting Iranian dissidents in GermanySecurity Affairs
11
Aug
2023

Charming Kitten APT is targeting Iranian dissidents in GermanySecurity Affairs

Germany’s Federal Office for the Protection of the Constitution (BfV) warns that the Charming Kitten APT group targeted Iranian dissidents…

Statc Stealer, a new sophisticated info-stealing malwareSecurity Affairs
11
Aug
2023

Statc Stealer, a new sophisticated info-stealing malwareSecurity Affairs

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler…

CISA adds recently disclosed Apple flaws to its Known Exploited Vulnerabilities catalogSecurity Affairs
10
Aug
2023

CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacksSecurity Affairs

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) observed a new backdoor, named Whirlpool, in attacks on Barracuda ESG appliances….

US Govt launches Artificial Intelligence Cyber ChallengeSecurity Affairs
10
Aug
2023

US Govt launches Artificial Intelligence Cyber ChallengeSecurity Affairs

The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI…

CISA adds recently disclosed Apple flaws to its Known Exploited Vulnerabilities catalogSecurity Affairs
10
Aug
2023

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalogSecurity Affairs

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and…

Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published onlineSecurity Affairs
10
Aug
2023

Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published onlineSecurity Affairs

Police Service of Northern Ireland (PSNI) mistakenly shared sensitive data of all 10,000 serving police officers in response to a…

Experts discovered a previously undocumented initial access vector used by P2PInfect wormSecurity Affairs
09
Aug
2023

Balada Injector still at large – new domains discoveredSecurity Affairs

The Balada Injector is still at large and still evading security software by utilizing new domain names and using new…