Malicious packages in the NPM designed for highly-targeted attacks | Security Affairs
Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers…
Threat actors rely on the ‘versioning’ technique to evade malware detections of malicious code uploaded to the Google Play Store. Google Cybersecurity Action Team (GCAT)…
CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies, published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA,…
Experts warn that decommissioned medical infusion pumps sold via the secondary market could expose Wi-Fi configuration settings. The sale of decommissioned medical infusion pumps through…
OWASP released the OWASP Top 10 for LLM (Large Language Model) Applications project, which provides a list of the top 10 most critical vulnerabilities impacting…
Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for…
Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29…
Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Security researchers from the non-profit organization Shadowserver…
Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a…
The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. Original…
US CISA added a second actively exploited Ivanti Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security…
Researchers spotted a Python variant of NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. Palo Alto Networks Unit 42 discovered a…