Do Son, Author at Daily CyberSecurity • Page 372 of 732

Vulnerability Overload: 40,000+ CVEs in 2024 CVE 2024

Vulnerability Overload: 40,000+ CVEs in 2024

Do Son January 6, 2025

Security researcher Jerry Gamblin has released his annual CVE data review. 2024 saw an unprecedented surge in...

Beware of PhishWP: New WordPress Plugin Targets Online Shoppers WordPress Backdoor

Beware of PhishWP: New WordPress Plugin Targets Online Shoppers

Do Son January 6, 2025

Imagine browsing a seemingly legitimate e-commerce site, entering your payment details, and confidently completing a purchase, only...

EAGERBEE: Advanced Backdoor Targets Middle Eastern ISPs and Government Entities EAGERBEE backdoor

EAGERBEE: Advanced Backdoor Targets Middle Eastern ISPs and Government Entities

Do Son January 6, 2025

Kaspersky Labs has uncovered a sophisticated cyberespionage campaign deploying the EAGERBEE backdoor to infiltrate internet service providers...

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste Windows 11's TPM 2.0

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste

Do Son January 6, 2025

The Free Software Foundation (FSF) is fresh off a successful International Day Against DRM (IDAD), held on...

7.5 CVE-2024-43452: PoC Exploit Released for Windows Elevation of Privilege Bug CVE-2024-43452 PoC exploit

7.5 CVE-2024-43452: PoC Exploit Released for Windows Elevation of Privilege Bug

Do Son January 5, 2025

Security researchers published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-43452 (CVSS 7.5), a...

9.8 CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

9.8 CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action

Do Son January 5, 2025

Moxa, a leading provider of industrial networking and communication solutions, has issued a security advisory warning of...

NonEuclid RAT—A Sophisticated Tool in the Cybercrime Arsenal Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

NonEuclid RAT—A Sophisticated Tool in the Cybercrime Arsenal

Do Son January 5, 2025

The NonEuclid Remote Access Trojan (RAT), detailed in a report by CYFIRMA, represents a significant evolution in...

CryptBot Infostealer Returns with Sophisticated Tactics for Initial Access PHP RCE vulnerability

CryptBot Infostealer Returns with Sophisticated Tactics for Initial Access

Do Son January 5, 2025

CryptBot, an information-stealing malware first detected in 2019, has resurfaced with advanced tactics to target unsuspecting victims....

Critical GoCD Patches Critical Vulnerability Allowing User Privilege Escalation GoCD vulnerability

Critical GoCD Patches Critical Vulnerability Allowing User Privilege Escalation

Do Son January 5, 2025

Open-source CI/CD platform GoCD has released an urgent security update to address a critical vulnerability, CVE-2024-56320 (CVSS...

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance

Do Son January 5, 2025

Researchers at Socket have uncovered a series of malicious campaigns exploiting Out-of-Band Application Security Testing (OAST) techniques....

Hackers Exploit Social Security Administration Branding to Deliver ConnectWise RAT phishing-3390518_1280

Hackers Exploit Social Security Administration Branding to Deliver ConnectWise RAT

Do Son January 5, 2025

In a concerning escalation of phishing tactics, hackers are spoofing the United States Social Security Administration (SSA)...

Cybersecurity Alert: FireScam—The Android Malware Disguised as Telegram Premium BadBox 2.0, Android Botnet Alien spyware - CVE-2024-43093

Cybersecurity Alert: FireScam—The Android Malware Disguised as Telegram Premium

Do Son January 5, 2025

In an era where mobile applications dominate daily life, cybersecurity threats have reached unprecedented sophistication. A recent...

8.8 CVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits WordPress POP chain attack - CVE-2024-10957

WordPress POP chain attack - CVE-2024-10957

8.8 CVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits

Do Son January 4, 2025

A newly discovered vulnerability in the UpdraftPlus Backup & Migration Plugin, used by over 3 million WordPress...

MISP Unveils the Threat Actor Naming Standard Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

MISP Unveils the Threat Actor Naming Standard

Do Son January 4, 2025

The MISP-standard.org has announced an advancement in cybersecurity information sharing with the release of the Threat Actor...

Atos Responds to Space Bears Ransomware Allegations Space Bears group

Atos Responds to Space Bears Ransomware Allegations

Do Son January 4, 2025

In a response to recent allegations made by the ransomware group “Space Bears,” Atos, a global leader...

Critical US Treasury Sanctions Chinese Cybersecurity Firm for Supporting Cyberattacks on Critical Infrastructure Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Critical US Treasury Sanctions Chinese Cybersecurity Firm for Supporting Cyberattacks on Critical Infrastructure

Do Son January 3, 2025

The U.S. Department of the Treasury has taken decisive action against a Chinese cybersecurity company accused of...

Data Centers Get an AI Upgrade: Microsoft’s $80 Billion Commitment Microsoft, pricing change Microsoft Server Pricing, On-Premises Price Hike Security Core Priority - Microsoft data centers

Microsoft, pricing change Microsoft Server Pricing, On-Premises Price Hike Security Core Priority - Microsoft data centers

Data Centers Get an AI Upgrade: Microsoft’s $80 Billion Commitment

Do Son January 3, 2025

In a recent blog post, Microsoft outlines a bold vision for the future of American technology and...

5.3 Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions CVE-2024-56332 - CVE-2025-29927 Next.js, Cache Poisoning

5.3 Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions

Do Son January 3, 2025

The popular React framework, Next.js, has addressed a security vulnerability that could have allowed attackers to launch...

8.7 CVE-2024-56513: Karmada Vulnerability Grants Attackers Control of Kubernetes Systems

Do Son January 3, 2025

A high-severity vulnerability (CVE-2024-56513) has been identified in Karmada (Kubernetes Armada), a management platform designed to facilitate...

India’s VPN Crackdown: Popular Apps Vanish from App Stores India VPN

India’s VPN Crackdown: Popular Apps Vanish from App Stores

Do Son January 3, 2025

In 2022, India began enforcing a new VPN policy mandated by the Indian Computer Emergency Response Team...