The Unsolvable Problem: XZ and Modern Infrastructure
The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst...
Read more →News Archive
View All →
Scammers Exploit Fake Domains in Dubai Police Phishing Scams
SUMMARY: Researchers found a rise in phishing attacks in the UAE impersonating Dubai Police via SMS. Attackers use fake domains...
Read more →
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
Dec 12, 2024Ravie LakshmananVulnerability / Device Security Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS...
Read more →
Krispy Kreme Cyberattack Disrupts Operations & Online Orders
Krispy Kreme disclosed a cyberattack impacting its operations, most notably disrupting online ordering services in parts of the United States....
Read more →
Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows
Security researchers have uncovered Nova, a sophisticated evolution of the Snake Keylogger malware family, demonstrating advanced data stealing capabilities and...
Read more →
A Red Teamers Tool To Execute Commands on Hacked Hosts Via Microsoft Teams
A stealthy Command-and-Control (C2) infrastructure Red Team tool named ConvoC2 showcases how cyber attackers can exploit Microsoft Teams to execute...
Read more →
iOS Facebook Messenger Group Call DoS Vulnerability Exploited Using Emoji
A newly discovered vulnerability in Facebook Messenger for iOS has revealed a critical flaw that could disrupt group calls by...
Read more →
Cleo 0-day vulnerability Exploited to Deploy Malichus Malware
Cybersecurity researchers have uncovered a sophisticated exploitation campaign involving a zero-day (0-day) vulnerability in Cleo file transfer software platforms. This...
Read more →
Apple iOS devices are more vulnerable to phishing than Android
For years, there’s been a widely held belief that iOS devices—such as iPhones—are virtually immune to phishing attacks, largely due...
Read more →
27 DDoS-for hire platforms seized by law enforcement
As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms...
Read more →
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Dec 12, 2024Ravie LakshmananWebsite Security / Vulnerability Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for...
Read more →
Malichus Malware Exploiting Cleo 0-Day Vulnerability In Wild
Threat actors are actively exploiting a critical zero-day vulnerability (CVE-2024-50623) in Cleo’s file transfer products Harmony, VLTrader, and LexiComis. The...
Read more →